Identity and Access Management Working for Schools and Their Systems: What about ours? Andreas Kubisch Paul Seiler
Jun 14, 2015
Identity and Access Management Working for Schools and Their Systems:
What about ours?
Andreas KubischPaul Seiler
What is an MLE?
“Software tools and digital content that support learning”
• Comprised of many different modules, such as an SMS, LMS, eportfolio tool, blog, repositories for digital learning objects and many more
• Check out the MLE Reference Group to learn more
• Or view the component parts
SMS
ENROLENROL
Student record
transfer
Student record
transfer
e-asTTlePAT
e-asTTlePAT
Early notification
Early notification
eReturnseReturns
Library systemLibrary system
Metadata searchingMetadata searching
Web mailWeb mail
Digital content stores
Digital content stores
IdP
Content Authoring
Tools
Content Authoring
Tools
NSINSI
SMS - directory
integration eportfolioeportfolio
LMS
Parent portalParent portal
Online office suites
Online office suites
National StandardsNational
Standards
Electronic attendance
registers
Electronic attendance
registers
ENROL integration
IAM
Reusable and portable contentAssessment support
Attendance support
Authentication flows (existing)Data flows (existing) Data flows (proposed)
Authentication flows (proposed)
Or as a wiring diagram
Googledocs
Username:Password:
LMSUsername:Password: Hosted
SMSUsername:Password:
ParentPortal
Username:Password:
WikiEducator
Username:Password:
E-portfolio
Username:Password:
Library system
Username:Password:
The Problem
The solutions tried so far…and why we need something else
1. Synchronized passwords• Some good examples• Working very well for these schools• But not easily transplanted
2. Centralized identity store• E-asTTle (ESAA), ENROL (SIA)• Provisioning and keeping up to date is too hard• All teachers, students and parents would be
majority of NZ population
ESAA
What we have come up withThe corner stones of our approach
Non-centralized approach Full automation
Actual single sign onKeep identity data at the source
Directory - IDP - Service
Exciting stuff this will make possible
• Mash up pages – e.g. parts of LMS, ePortfolio and library system on one page
• Un-provisioned access for parents
• Generate credentials for all parents
Is it happening yet?
• YES• Approx 100 schools using it• IDPs established in local loops (Christchurch,
Wellington, Nelson)• Commercial offerings from Smartcom, Norrcom,
Watchdog and Edtech• Growing list of connected services, including first
“education sector service” (Pressure from users works better than pressure from MoE)
Testimony from a userYou be the judge!
Are there any risks?
• YES - But none of them are new• The technical side is the easy part• Schools need good policies for managing
identities and access• Schools need to think about and manage
risk • Students need to learn what it means to
have a digital identity
Questions
• Where are the opportunities to work together, join-up, interoperate, allow multiple paths, etc?
• What could each team offer the other?
For Future Reference
• Videos of our recent presentation to schools• Related presentations• Online forum for q&a/support for IAM for Schools• User Directory Interface download and
documentation