
A Roadmap to K-12 Federated Identity Management


Introduction

Write-up on K-12 federation versus higher education? (A narrative form is needed; the outline below is a starting point.)

Terminology

See Glossary

Benefits (Value Proposition) for K-12

Districts, Schools, Users:
  • Fewer Accounts
    • Password Management
    • Better User Experience
    • Single Sign On (SSO)
  • Easier Application On-boarding – simple to extend once implemented
  • Better security and access to an increasing number of Cloud Services (use case)
  • Licensing costs controlled - More accurate count of actual users (via federated access)
  • Security
    • Better control over user Credentials (username/password)
      • Active/Inactive accounts
      • Management of users’ privacy or information exchanged
    • Fewer Firewall “holes” needed (opened for vendor access to LDAP data)
    • Passwords not transmitted to vendor/application sites to authenticate
    • Much easier to disable a User (one place, rather than searching for accounts)
    • User data is neither stored at nor transported to vendor sites
  • Consortium purchasing (licensing)
  • SLC/SLI (Shared Learning Collaborative/Shared Learning Infrastructure)
State-level (DOE/DPI):
  • Opportunity for consortium buying
  • Shared Applications
    • External (common vendor apps – LMS, Library Services, Learning Object Repositories, etc.)
    • Internal (state-wide applications)
  • Collaboration made easier
    • Shared Wiki spaces
    • Access to limited/costly resources through Federated Login
    • Between different communities of practice
      • Community Colleges – High school early access
      • Other Higher Education institutions
        • Research
        • Services
        • School Districts
  • Virtual Public Schools (Online Learning)
    • Similar issues to Distance Education
    • Federated access possible from “home school/district”

Challenges

  • K-12 Districts don't have FIM "high" on their lists of projects (maybe top 10)
    • Major needs/projects are likely to be "district-focused"
    • Districts won't benefit as much from FIM on their own
  • The bigger benefits are realized when coordinated at the State level (or higher)
    • Shared learning infrastructure
    • Consortium buying
    • State-wide licensing of multi-tenant Cloud Services
    • State-specific (required) "federated" applications/services
  • The effort to implement FIM is frequently too great for a single district to manage
    • The coordination, leadership and funding "likely" need to be done at a state level
    • Partnerships of InCommon/Regionals/State Departments of Education could help
    • IAM backend systems do not always exist or may be incomplete
    • Technical Expertise/Knowledge of local IT Staff may be limited
    • Lack of Federation knowledge
    • Shibboleth, other Federation Software may be a challenge to implement
    • Java developer skills may be lacking
    • Existing staff may already be overloaded
    • Cost of Federation membership ($)
  • Availability of client machines for all students (1:1)?
    • Currently not a given
    • BYOD/T (Bring Your Own Device/Technology)
    • Next few years may see a higher percentage of K-12 students with client devices
  • Trust/Legal Issues of participation
    • Students are minors (can’t agree to release PII on their own)
    • Effort to seek oversight approval may limit interest
  • Level of Assurance (LoA) of the credential
    • Account/username/password issuing process
    • Identity-Proofing – tied to the credential
  • New Attributes needed?
    • Grade (K-12)
    • Age-specific
      • 13 or older (“Age of Reason?”)
      • 18 or older (Able to make some decisions on their own?)
    • School Type
      • Elementary School (K-5)
      • Middle School (6-8)
      • High School (9-12)
  • Parent/Guardian Access
    • Approvals
    • Waivers
    • Access (via student, others, legal guardian) to grades, schedule, other information
    • Ability to update student information? (Bio/Demographic data?)
  • Regulatory Concerns:
    • FERPA - Family Educational Rights and Privacy Act (1974, 2008?)
      • Access to student data, grades, etc.
    • CIPA - Children's Internet Protection Act
    • COPPA - Children's Online Privacy Protection Act (1998)
    • HIPAA - Health Insurance Portability and Accountability Act (1996)
      • Protected Health Information (PHI)
  • Additional Security?
  • Leadership/Champions in the K-12 space
  • Number of K-12 focused, SAML-enabled services (vendor applications)

Possible K-12 Federation Options

  • District or State-Level IdPs
    • How would (could) a state-wide IdP work?
      • Much more granular OU than in Higher Education
      • Scoping of ePPN (eduPersonPrincipalName)
      • How does this tie in with an IIS and the national SLC effort?
      • Should there be follow up (outreach) with the Shibboleth and InCommon folks?
    • Who would run IdP(s)?
      • State Dept of Education
      • Regional IdPs (throughout the state)
      • R&E Network Providers (RONs, Regionals)
      • State University Systems
  • Are there enough differences to warrant a separate K-12 Federation?
    • K-12 applications vs. Higher Education applications
    • Attributes and Attribute Release Policies (ARPs)
    • Regulations (state and federal) and Security (K-12 students are minors)
    • Shared Infrastructure - National K-12 Federation?
  • Inter-federation with InCommon?
  • Is this an InCommon Problem/Concern?
    • Pricing for K-12
    • Inter-federation vs. a single federation
    • K-12 Issues (see above)
    • Dilution of SP pool? (or "too much" for vendors to work with multiple federations)
    • Need to participate in multiple federations and inter-federate, OR participate in a single federation and have subsets of metadata (K-12, HE, etc.)?
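As an added illustration (not code from the original page) of why ePPN scoping matters once a single state-wide IdP asserts identities for many districts: a relying party should accept a scoped eduPersonPrincipalName only when its scope is one the asserting IdP is registered for in federation metadata (the shibmd:Scope element), otherwise one IdP could assert users in another organization's scope. The entity IDs, scopes and user names below are constructed placeholders.

```python
"""Scope validation for a scoped attribute (eduPersonPrincipalName) asserted by
a state-wide K-12 IdP that serves many districts. Constructed example; the
entity IDs, scopes and names are made-up placeholders, not from any deployment."""
import re

# Assumption: the state IdP registers one scope per district in its metadata
# (plus, optionally, a regular-expression scope), modelled here as a dict of
# entityID -> [(scope, is_regex)], mirroring the shibmd:Scope regexp attribute.
IDP_SCOPES = {
    "https://idp.example-state-doe.test/idp": [
        ("district1.k12.example-state.test", False),
        ("district2.k12.example-state.test", False),
        (r"^[a-z0-9-]+\.k12\.example-state\.test$", True),  # constructed pattern
    ],
    "https://idp.example-university.test/idp": [
        ("example-university.test", False),
    ],
}


def split_scoped(value):
    """Split 'user@scope' into (user, scope); reject a missing, empty or repeated '@'."""
    if value.count("@") != 1:
        return None
    user, scope = value.split("@")
    if not user or not scope:
        return None
    return user, scope


def scope_permitted(idp_entity_id, scope):
    """True if the scope is one the named IdP is authorized for (case-insensitive)."""
    for registered, is_regex in IDP_SCOPES.get(idp_entity_id, []):
        if is_regex:
            if re.fullmatch(registered, scope, flags=re.IGNORECASE):
                return True
        elif registered.lower() == scope.lower():
            return True
    return False


def accept_eppn(idp_entity_id, eppn):
    """Accept a scoped ePPN only when its scope belongs to the asserting IdP."""
    parts = split_scoped(eppn)
    if parts is None:
        return False
    return scope_permitted(idp_entity_id, parts[1])
```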

Use Cases

  • Good set of example Use Cases for using Federated Identity Management (FIM).
  • (Review what constitutes a "Use Case" vs. a "Benefit")
  • See a description of Use Cases at bredemeyer.com (The Architecture Discipline - Bredemeyer Consulting)

Case Studies

Existing K-12/K-20 FIM implementations

Next Steps

  • This Roadmap
  • Outreach to vendors
  • Coordination with state departments of education
  • Possible outreach to regional broadband providers
  • National coordination (Federal DOE)