You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 55 Next »

Introduction

The original purpose of this survey was to understand what other institutions are doing or planning to do in response to the requirement in Section 495 of the HEOA (2008). This states that accrediting agencies must require an institution that offers distance education or correspondence education to have processes through which the institution establishes that the student who registers in a distance education or correspondence education course or program is the same student who participates in and completes the program and receives the academic credit.

However, the challenge of remote credentialing does not only exist in Distance Education. Most incoming students at an institution go through an admissions process that requires their access to campus applications or services prior to their arrival on campus. In some cases, these applications deal with FERPA protected or financial data that needs to be protected from inappropriate access. The question is how comfortable are institutions that their process for granting access to these resources is secure - namely, that the campus credential they issue to the "student" is really going to the right person.

This survey will focus on the identity proofing and credentialing of students "at a distance", whether they are in a formal Distance Education or a Corespondence Program or are students pursuing a more traditional on-campus education, but prior to their arrival on campus.

Who should fill this out.

Privacy Statement and Results.

Primary Audience/Scoping: Degree seeking students in distance education programs.

Terms

Authentication - The process of identifying an individual, usually based on username and password. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.

Credential - An object that authoritatively binds an identity (and optionally, additiional attributes) to a token possessed and controlled by a person.

Credentialing - The process whereby users are given electronic credentials to ensure that they are coupled with the correct digital identity information.

Digital Identity - The representation of a human identity that is used in a distributed network interaction with other machines or people.  The purpose of the digital identity is to establish the level of comfort and confidence in a digital environment that is associated with face-to-face human interactions.

Identifier - usually a permanent, persistant number assigned to a student.  Frequently a replacement for SSN.  (StudentID number).  Usernames are also identifiers but may not be persistent.

Identity Proofing - The process of verifying the identity of an individual either "in person" by presenting a government issued photo ID or through challenge-response questions that contain information about the individual being "proofed" that would not be available to the general public. Usually performed in conjunction with the credentialing process. Proponderance of evidence.

Identity Vetting - The process of thorough examination and evaluation of an individual's identity data.

Prospective Student - a person who has expressed interest (or in whom the institution has expressed interest) in submitting an admission application.   

UserID - account/login ID (NetID).  Can be name-based or not.  May or may not be permanent, persistent.

Demographic Information and Environment

  1. Department of the person completing the survey:
    1. Admissions
    2. Registrar
    3. Distance Education / Correspondence Education
    4. Information Technology
    5. Other ______________________
  2. Institution information
    1. Name of Institution (This will not be published in the survey results but will be used for correlating answers)
    2. What is the size of the distance education student population?
    3. If your institution offer both traditional and distance education degrees, are your student credentials (username/password) maintained and administered:
      1. Together
      2. Separately
      3. Other____________________________
    4. If your institution offers both traditional and distance degrees, are the admissions and registration functions:
      1. Combined/consolidated into one unit
      2. Separate
      3. Other____________________________

Remote Identity Proofing and Credentialing of Students

  1. How do you begin your recruiting process (Check all that apply)?
    1. Internal aggregation of "Suspects" (Inquiries, camp attendees, etc)
    2. Obtain potential "suspects" from third Party
  2. When do you first learn about prospective students? (Check all that apply.)
    1. Test score Referrals
    2. High School Meetings
    3. Alumni/other "gatherings"
    4. Phone Inquiries
    5. Other ______________________
  3. How do prospective remote students make initial contact? (Check all that apply.)
    1. Submit an application
    2. Email Inquiry
    3. Inquiry through Campus Portal
    4. Phone Inquiries
    5. Request for Site Visit
    6. Response to CRM Campaign
    7. Other ______________________
  4. How do you establish an initial communications channel? (Check all that apply.)
    1. Use the user supplied email address
    2. Establish/use institutional email address.
    3. Parent/guardian email address
    4. US Postal Mail
    5. Voice contact
    6. Personal appearance
    7. Other ______________
  5. What business office is involved in doing the identity proofing of remote students? (Check all that apply.)
    1. Admissions
    2. Registrar
    3. Bursar
    4. Identity/Campus Card
    5. Orientation
    6. Academic Unit
    7. Distance Education
    8. Other ______________________
  6. At what point is the first login credential assigned (e.g. email address, userid/password pair, etc.)?
    1. First contact from prospect and request for information
    2. Initial application
    3. Completed application portfolio
    4. Admitted 
    5. Received deposit/earnest money
    6. Registration completed
    7. We don't assign initial login credentials. We accept existing credentials from services like Google, Facebook, Twitter, 

      [Mark M. to provide credential clearinghouse examples]

    8. Other ______________________
  7. How is this initial login credential communicated to the remote person? (Check all that apply.)
    1. Send via US Postal Mail
    2. Send to a prospect-provided mobile number
    3. Send via email to a prospect-provided address
    4. Send a one-time link to a password selection page (via US Mail or email or mobile)
    5. Ask a prospect to access a webpage and choose/obtain login credentials (userid/password)
    6. Other ______________________
  8. Is this initial login credential used throughout the student's tenure?
    1. Yes. (If yes, skip the next question. )
    2. No
  9. If another login credential is assigned, please indicate at what point the permanent login credentials are established?
    1. Initial application
    2. Completed application portfolio
    3. Admitted 
    4. Received deposit/earnest money
    5. Registration completed
    6. Other ______________________
  10. How is this permanent login credential communicated to the remote student? (Check all that apply.)
    1. Send via US Postal Mail
    2. Send to a prospect-provided mobile number
    3. Send via email to a prospect-provided address
    4. Send via email to an institutionally-provided address
    5. Send a one-time link to a password selection page (via US Mail or email or mobile)
    6. Ask a prospect to access a webpage and choose/obtain login credentials (userid/password)
    7. Other ______________________
  11. Upon first login with permanent credentials, is the person required to change the password?
    1. Yes
    2. No
    3. Other ______________________
  12. At what point is supporting documentation about an individual received from external third parties (e.g., testing service, etc)?(Check all that apply.)
    1. Prior to first contact from person
    2. First contact from person and request for information
    3. Initial application
    4. Completed application portfolio
    5. Admitted 
    6. Received deposit/earnest money
    7. Registration completed
    8. Never
  13. If supporting document is received, does their receipt result in increased confidence about the identity of the client?
    1. Yes (If yes go to 9)
    2. No (Go to 10)
    3. It makes no difference (Go to 10)
  14. Do you provide more sensitive information and services based on the increased confidence resulting from the documentation received from external third parties?
    1. Yes
    2. No
  15. At what point do you do primary identity proofing (Provide definition) of the individual?
    1. On issuance of the permanent credential
    2. First contact from prospect and request for information
    3. Initial application
    4. Completed application portfolio
    5. Admitted 
    6. Received deposit/earnest money
    7. Registration completed
    8. None of the above. We don't do identity proofing.
    9. Other ______________________
  16. Why did you choose this stage? ______________________
  17. What information do you have on the remote person at the stage? (Check all that apply.)
    1. Name
    2. Address
    3. Birthdate
    4. Email address
    5. High School Transcript
    6. Test scores
    7. Parent/Guardian Name
    8. Parent/Guardian Address and Contact information
    9. Academic Interest
    10. Academic Term of interest
    11. Financial Aid Information
    12. Credit Card Number or Bank Account
    13. Post-secondary Institution (if transfer student)
    14. Other notable ______________________
  18. What evidence do you require from the person to prove their physical identity?
    1. Faxed/scanned government picture id
    2. Faxed/scanned credit card
    3. Faxed/scanned notarized documents
    4. Electronially notarized documents/forms
    5. In person appearance at notary office
    6. In person appearance on campus
    7. Use a third-party vendor to validate identity. Please specify: __________________
    8. Other
  19. How are these sent to you?
    1. Email
    2. Fax
    3. US Postal Mail
    4. File Upload
    5. Other ______________________
  20. Please indicate any concerns with this process (unauthorized individual obtains financial aid or gains access to FERPA-protected data, labor intensive, inconvenient for client) ______________________
  21. If changes were proposed to the identity proofing process for distance education students, who would be involved in the decision? Check all that apply.
    1. Campus-wide governance board
    2. Admissions/Registrar Office
    3. Audit Office
    4. Office of General Council
    5. Security Office
    6. Privacy Officer
    7. Distance Education Office
    8. IT Management Team
    9. IT Technical Staff
    10. Other____________________________
  • No labels