Minutes: Nat'l K-12 Federated IAM Task Force Call of 19-June-2013
Attending
Steve Olshansky, Internet2 (Chair)
Sharren Bates, inBloom
Keith Krueger, CoSN
Violeta Curlic, DC One Card
Mark Scheible, MCNC
Mike Danahy, Education Service Unit 2, Fremont NE
James Werle, Internet2
DISCUSSION
inBloom Overview
Sharren Bates, Chief Product Officer
https://www.inbloom.org/
Background
-inBloom is a nonprofit that came out of the Shared Learning Collaborative (SLC)
-SLC was started in 2011 by the Council of the Chief State School Officers ( http://ccsso.org/ ) in partnership with many districts and schools
-Received funding from Gates and Carnegie
-inBloom was established in Feb. 2013 as an independent, nonprofit organization to carry forward the mission of the SLC.
Goals and Objectives
-By offering data and content interoperability services, inBloom works to support development and implementation of great data-driven apps to support teachers students and families.
-The goal is to foster secure, flexible IT architecture
-Ensuring security data security is paramount
Educational Technology Landscape
-There is a lot of innovation in differentiated instruction and personalized learning
-There are assessment and diagnostic tools to help teachers identity where students need more challenge or more support
- It's challenging for teachers and other staff to handle all the manual roster work involved in using the assessment and diagnostic tools
-Teachers often spend hours building their own spreadsheets
-Technology must do a better job
-Often districts invest in custom integration of tools
-Substantial overhead is needed to integrate with teacher, student, class data
-The data lives in a lot of different systems
-Often this same problem is being solved multiple times
inBloom Approach
-InBloom has concluded that this issue can be worth a common action, if we can ensure that the system will be secure and have good performance
-states and districts can use a shared services model rather than making investments in custom solution
-To get enrollment data into the assessment and diagnostic tools, there should be a standard spec
-Making for easier integration, with focus on end user value
Status:
-inBloom spent the last 2 years building the production-ready version of the services
-In Dec. 2012 had a production release. Since then, have been prioritizing requirements and done point releases
-Next milestone is to open source the code, hopefully by end of Q3 of 2013
-Plan is to put code on Github and to welcome in a larger community of contributors
Plan
-Build service alongside customers (9 states together with districts in each state)
-Work with providers who see this as an opportunity
Q&A
Q: If a district has a process established where users log in with their own credentials, how does the connection to inBloom work ?
A: Sharren:
-InBloom's design is agnostic to the front-end consuming applications
-The district uses InBloom as the syncing and transfer layer
-The district's front-end applications use the inBloom API to request data from the inBloom operational data store on behalf of the user
-The inBloom API knows whether to answer that request based on two authentications:
1) Has the app been approved by that school district?
2) Does the user appear in the local IdM provider? This is managed via SAML federation
===================
Q: Is data access in real time?
A: There are two ways to interact with the inBloom data store:
1) Existing systems that do NOT get refactored can do a bulk extract
2) Applications being built natively or older apps that get a refactoring can get more of the single sign-on and IdM benefit
===================
Q: Is inBloom getting headwind in some states?
A: Sharren: When inBloom gets to scale, we will dealing with large quantities of student identity data, so we need to be clear about what we do and do not do.
There has been some misinformation via social media. It is important to emphasize:
-This is not a national database
-For each school district and each state, data is logically separated. Data can't be combined unless school district wants
-Data will not be used for marketing
-inBloom does not aggregate and does not give access to marketers
-inBloom is very serious about alignment w FERPA
-The early customers are seeing the benefit and moving forward
-When Illinois and Newark are ready to tell their story this will help combat some of the misinformation
===================
Q: What about data analytics? Will inBloom look at the data to see what is most successful with different kinds of students?
A: Sharren:
-The promise of analytics has been around for almost 10 years
-There is pent up demand for learning analytics and recommendations
-Part of the problem is sourcing and integrating the data
-So inbloom is lowering the barriers
-If assessment data is available, and if a school districts want to load that assessment data into the InBloom service such that an analytics engine can be deployed against it based on a contract w the district, then this is a win
===================
Q: For federated identity, do you have concerns on how identity proofing is done?
A Sharren:
-It's important to be clear on who "owns" provision of identity
-The policy and process can be challenging
-We respect the push forward in this area
===================
Q: What is the relationship between inBloom and eGFI and CEDS?
A: Sharren:
-It made sense to leverage the Ed-Fi data specification, based on the Common Education Data Standards (CEDS).
===================
Q: What is the inBloom funding model moving forward?
A: Sharren:
-Funds came from Gates and Carnegie Foundations at the start
-inBloom is looking at sustainable funding moving forward
-The plan is to get support from
1) states and districts that use the service
2) Partnerships with consuming applications
(the expectation is that states and districts may specify inBloom in their RFPs and contracts)
===================
Thank you to Sharren for an interesting presentation. Sharren may return to update this group again in the future.
===================
InCommon/Quilt K-12 Federation Pilotshttps://spaces.at.internet2.edu/display/InCQuiltFed/Home
SteveO reported that the InCommon/Quilt pilots are moving forward.
Two organizations represented on today's call (Nebraska and MCNC) are among the
8 participating pilots.
Mike commented that the Nebraska Pilot has two parts: Western and Eastern Nebraska:
-Western Nebraska is already doing SSO
-Have the directory server working and have hired a programmer to work on portals
-Plan to put in place the schema needed to work with the InCommon Federation
-Eastern Nebraska (where Mike works)
-Recently put up the LDAP server
-Are engaging in talks with the InCommon Affiliate gluu ( http://www.gluu.org/ )
-Implementing federated identity is a high priority for Nebraska
Next Call: Wed. 17-July-2013 at 3pm ET