InC-Student: Notes from 10/16/2009
-------------------
Attending
Andrea Beesing, Cornell University
Brendan Bellina, University of Southern California
Tom Black, Stanford University
Scotty Logan, Stanford University
Mark McConahay, Indiana University
Rodney Peterson, EDUCAUSE
Mark Scheible, North Carolina State University
Ann West, Internet2/EDUCAUSE
Dean Woodbeck, Internet2 (scribe)
-------------------
Round Robin
Cornell University - The champion for student federated initiatives, David Yeh, has moved and there is nothing new to report, in terms of student services. On a side note, the university is working with the alumni office to use Shibboleth in implementing a service with Harris Connect.
North Carolina State University - NC State will soon make a final decision on whether to use SSO for Google Apps for Education. The university will likely implement email accounts for life, which seems to be more consistent with SSO. They will also implement a Shibbolized Moodle service, to be piloted this summer. There is also interest in federating with the National Student Clearinghouse.
University of Southern California - Brendan gave a presentation about federating with the Clearinghouse at the Internet2 Fall Member Meeting. The university may also be looking at federating with StudentsOnly.
Stanford University - Tom reported the university is working with Qualtrics (www.qualtircs.com), a company that provides an online survey instrument. Stanford would like to use Shibboleth for authentication and Qualtrics has agreed. Stanford will soon be sponsoring them into the federation. A survey of the Qualtrics website shows they have a number of InCommon participants as clients..
-------------------
AACRAO Webinar Debrief
Mark Scheible recapped some of the conversation from a recent AACRAO webinar, specifically remote identity proofing. One question was whether there is a way for federation members to help one another with identity proofing distance learning students. Could a student take documentation to a nearby federation member and be identity proofed, or receive credentials, for access at another federation member-institution? The base question - we have a federation and a number if members, could we take advantage of that? Or could a person receive some sort of InCommon credential to accomplish this purpose?
Might this be for credentials to meet level 2? Such students would be able to get a level 1 credential from ProtectNetwork, for example. Other items to take into account:
There may be a demand from the K-12 arena - could they be accommodated?
From a state's perspective, having community college as federation members might help, as most people would live near a community college.
The question is about identity vetting, or tying an individual to documentation, not access to resources. Might there be a role for third-party services involved in the application process (like CollegeNet)?
If there is a preponderance of evidence (which works for level 1), is that enough for this purpose?
Ann suggested it might be of value to outline some situations in which such a service is needed, including outlining the requirements. Where are the problems? What populations need to be served? What level of assurance is necessary for the credentials?
There was a discussion about whether Silver might serve as the prescribed set of practices for this purpose, depending on whether anything might be missing from that assurance profile. It would be good to have a shorter document (rather than the current Silver document), extracting those parts that are germane to how people do business. There are specific questions to be answered, such as how credentials can be delivered (from an institutional email address? postal mail only?). Are knowledge-based questions adequate for identity proofing?
While the Silver document is long, it does include Bronze, a glossary, and introductory information - all of which could be removed to create something shorter. There is also some interest in a table format that would help document the connection between the level of assurance and the provisioning for access.
Considering the student life cycle, there are various levels of authority required to provide various services. Some of these require stronger identity proofing requirements.
There are a number of unanswered questions, which need to be addressed. A suggested approach is to start from the level of assurance necessary for the credential and work backwards. Another step might be to use Silver and Bronze as a starting point, then work backward and determined what is sufficient and what is not sufficient for FERPA regulations.
Another approach is to start with FERPA and come up with a set of practices that conform to the regulations and give prescriptive guidance on implementing authentication. Rodney suggested that legal review should also be included in this process. He said he could invite Steve McDonald and/or Nancy Tribbenstein - the two foremost FERPA experts in the country.
The next call will involve answering these questions (what are the situations in which this service is needed, what population would this serve, what requirements are necessary) and discussing the set of practices (as outlined n the previous paragraph).
Next call - Friday, October 30, 3 p.m. EDT