The user is in control

Just a quick nod to Andy Powell’s post yesterday about Identity in a Web 2.0 World. As I’ve said before, I’m trying to catch up with the issues Andy discusses and develop them into a blueprint for the Mozilla/Creative Commons/P2P University Open Education course, I am participating in.

Andy writes:

…identity in a Web 2.0 world is not institution-centric, as manifest in the current UK Federation, nor is it based on the currently deployed education-specific identity and access management technologies.  Identity in a Web 2.0 world is user-centric – that means the user is in control…. The important point is that learners (and staff) will come into institutions with an existing identity, they will increasingly expect to use that identity while they are there (particularly in their use of services ‘outside’ the institution) and that they will continue using it after they have left.  As a community, we therefore have to understand what impact that has on our provision of services and the way we support learning and research.

I am therefore reassured that my blueprint outline is not completely off the wall:

University students are at least 18 years old and have spent many years unconsciously accumulating or deliberately developing a digital identity. When people enter university they are expected to accept a new digital identity, one which may rarely acknowledge and easily exploit their preceding experience and productivity. Students are given a new email address, a university ID, expected to submit course work using new, institutionally unique tools and develop a portfolio of work over three to four years which is set apart from their existing portfolio of work and often difficult to fully exploit after graduation. I think this will be increasingly questioned and resisted by individuals paying to study at university.

My proposal is to show there are existing technical solutions which would allow an individual to register as a student at a university, provide the institution with their Facebook, Google, Yahoo!, OpenID, etc. identification and from then on, the student uses their existing ID to authenticate against any university online resource. There’s an example of how this might happen in the JISC Review of OpenID, which describes one of the project aims as the development of

bridging software that will allow OpenIDs from any source to be used as identities within the production UK (SAML) federation.

The University of Kent host a demonstrator of this OpenID-to-Shibboleth bridge.

The other aspect of my blueprint is institutional support of a Personal Learning Environment (PLE). I am suggesting that the WordPress Multi User platform is one technology that could support the characteristics of a PLE, being: ((Taken from, Personal Learning Environments: Challenging the dominant design of educational systems. Scott Wilson, Prof. Oleg Liber, Mark Johnson, Phil Beauvoir, Paul Sharples & Colin Milligan, University of Bolton. 2006))

  • Focus on coordinating connections between the user and services
  • Symmetric relationships
  • Individualized context
  • Open Internet standards and lightweight proprietary APIs
  • Open content and remix culture
  • Personal and global scope

The PLE implementation which I have in mind is not, like the VLE, a monolithic system but rather a platform which aggregates and co-ordinates external user-centric services into a coherent learning environment. It is a parasitic system, feeding off content from existing online services such as blogs, social bookmarking, wikis and social networks, but also a rewarding environment which supports and develops the student’s existing portfolio ((In many ways, I am thinking of ‘Identity’ and ‘Portfolio’ as being largely synonymous during the student’s period of study.)) throughout their period of study.

I’ve shown how WordPress can aggregate and archive course activity, how it can enhance the discovery and connectivity of an individual’s and institution’s online profile through the addition of semantic-web-enabling plugins, how it can syndicate filtered content to other internal and external systems (through the use of feed2js, it can also syndicate content to legacy systems like Blackboard, which don’t support embedded web feeds). I’ve also shown that it can support a lightweight social network that integrates with an institution’s LDAP/Active Directory authentication system, and that social network can be OpenID enabled, allowing users to optionally link their OpenID to their WordPress/LDAP account and login via OpenID instead. ((I’ve tested this with DiSo’s OpenID plugin, which works in principle, but I suspect that once set up, the OpenID login for the specified account, completely bypasses the LDAP authentication. Surely just a small amount of development would provide tighter integration. Incidentally, a Shibboleth plugin (by the same author of the OpenID plugin) for WordPress also exists.))

Finally, the institutional and wider benefits to the public can be found when the cumulative data of the platform is itself aggregated into a structured site that enables discovery and re-use of content. An example of this is our Community Posts site, and I have also previously discussed the potential development and exploitation of this resource. Designed and licensed carefully, such a site could provide open educational resources at both user and programmatic levels.

So what empowers the user/student and puts them in control? Data-Portability and Creative Commons licensing? ((Actually, I’m starting to think that CC licensing is little more than an interim step to a better understanding of ‘data’. See ‘You don’t nor need to own your data‘ When knowledge is transmitted online, every aspect of its representation is in a form of data. Both information and instruction become ‘data’ – isn’t it backwards to think of knowledge in terms of something ‘owned’ Do you think of instructional methods as ‘yours’?)).

9 Replies to “The user is in control”

  1. Hi Joss. A really interesting post and a very interesting approach that I think you should definitely take forward. A couple of ideas that you might want to think about:

    – be cautious on the ‘their existing ID’. Students will probably have a google ID and a facebook ID and a hotmail ID…will they have a preferred route and which ones will you support?
    – there is quite a lot of work going on over in Europe to allow the use of twitter IDs, Google IDs, Facebook IDs with federations that you might want to look at. Don’t forget, Shibboleth is often not used as the authentication mechanism but as a way of plugging in SAML so adding alternative authentication mechanisms is quite easy.
    – affiliation is an unavoidable fact for access to many resources. We need to think about how affiliation can be successfully added and most importantly revocated from user-managed identities for this approach to work on an institution wide scale.
    – don’t create a new access / identity management silo. Yes, the student may be able to use their personal ID to access OERs or a PLE…but if they still have to use an institutional password for access to their e-mail / network / student record system / library resources then we haven’t solved a problem…we’ve just moved a set of resources from one identity silo to another.

    I hope that doesn’t sound too negative as I am very supportive at looking at the boundaries of user-centric / organisation-centric identities and pushing them. I also think platforms like wordpress are excellent examples of how multiple identity access routes can be used. I just think that it is important for identity management to be driven by an institutional strategy.

    1. Thanks for your encouraging feedback, Nicole.

      In my mind, I imagine a situation where a student is able to authenticate against something like RPX which allows them to use an OpenID, Google, Yahoo, Facebook, etc. ID and is associated with whatever kind of user directory the institution is maintaining. I’ve contacted Janrain and RPX does work with Active Directory, so it seems feasible.

      With something like RPX, we could provide similar single-sign-on support as students would be used to finding elsewhere on the web, supporting a variety of third-party credentials.

      Do you have any links to the work that is happening in Europe?

      Is the affiliation a problem that the user needs to ever know about? Can the existing mess of access across the HE sector continue but with something like RPX making it transparent to the user, who is signed in with a third-party ID that is associated with whatever method of ‘backend’ directory the institution has adopted?

      My work is experimental. I’ve no intention of providing an alternative form of identity management that isn’t adopted across the whole institution 🙂

      As you can tell, I’m pretty new to this and probably don’t understand the complexity of it. Have you looked at RPX as a way to bridge an existing user ID with an institution’s identity management system?

  2. I really like RPX and it would be interesting to see some project work on this in the upcoming access and identity management programme from JISC.

    I’d point you to Feide for some really interesting work areas looking at where federation and user-centric crossover: http://rnd.feide.no/. If you click the ‘login’ button on Feide’s Foodle, you get a lot of the user-management issues of dealing with multiple federations: https://foodle.feide.no/.

    There are still huge issues with a) account linking across the institution-centric and user-centric sphere, and b) brokering affiliation without creating huge user interface mush and dubious exchanges of personal data across domains. I’d love to see more work in this area 🙂 Shintau has done some initial work in this area…but still a long way to go: http://access.jiscinvolve.org/shintau-account-linking-and-attribute-aggregation/.

  3. Thanks, Nicole. There’s genuine interest within our IT dept. in looking at something like RPX here at Lincoln. When can we expect the ‘upcoming access and identity management programme’ to run? I can’t see an announcement about it on the JISC site.

  4. Yes, I’ve mucked around with ScholarPress but it doesn’t work properly on WPMU. I’m sure it’s nothing major, but it’s not high on the developer’s priorities right now and not something I can fix.

Comments are closed.