Notes from Quilt InCommon Pilots BOF at Internet2 2014 Global Summit in Denver, April 10, 2014
http://meetings.internet2.edu/2014-global-summit/detail/10003268/
Attending (partial list)
George Laskaris, NJEDge.Net
Joe Reardon, NJEDge.Net
Scott Isaacson, Educational Service Unit Coordinating Council, Nebraska
Jordan Clark, Educational Service Unit, Nebraska
Bill Thompson, Unicon
APAN Representative
Ann West, Internet2
IJ Kim, Internet2
David Walker, Internet2
Dean Woodbeck, Internet2
Nate Klingenstein, Internet2
Emily Eisbruch, Internet2, scribe
DISCUSSION
Overview
Several regional partners, including NJEDge.Net and MCNC, encouraged InCommon to work with the regionals on establishing infrastructure to serve the K12 community. Wanted to establish and then follow national standards and structures
-InCommon started a working group to look at the issues.
-A workshop was held in Feb. 2013 that provided info and laid out a process to begin the effort to extend InCommon to these new constituents.
-Seven pilots were launched in 2013.
-Of the current pilots, Illinois and Nebraska are the most ambitious
-Others smaller scale, but sucessful and will do more in the next phase
-Read about the pilots at https://spaces.at.internet2.edu/display/InCQuiltFed/Home
-It became clear that the regionals would need to take on some of the work of the federation, such as for the registration authority.
Additional Efforts
The Quilt InCommon Pilot effort also involves currently active efforts looking at
1. Federation Partnership Business models. See http://tinyurl.com/ky2r5wl and
2. Coming up with the right structure for metadata
Nebraska Pilot (Scott Isaacson)
-Working to align the work and break down silos
-Did not receive grant funds; resources are somewhat tight
-want to work efficiently and keep things simple, so the effort can be sustained and managed.
-Building the model for how data and applications come together and how to handle access.
-Bernie (with the Illinois Pilot) has done more with the model. Nebraska hopes to follow the model Illinois has developed.
-Mission right now is to educate the districts.
- we want to service small and large districts.
-Have a WG, have a test federation, have some districts participating
-Working on who should take on the role of the registration authority.
.-One of the 1st applications is the state data dashboard system, working with the ED-FI framework
-9 school districts are working with that.
-Looking at LMS 's and that would be another application on the federated platform
comment: imporessive how Nebraska is getting the agencies to align.
-For the smaller pilots, to go to the next step and get the whole state inviolved will be a challenge
Illinois Pilot
https://spaces.at.internet2.edu/display/InCQuiltFed/NCSA+and+IlliniCloud
Illinois has worked as a consortium of school districts
Coordinated by NCSA and U of Illinois
There are 35 districts and 2-3 data centers
-have received some grants, including from State Farm Insurance and Race to the Top.
http://www.isbe.state.il.us/%5C/racetothetop/default.htm
-The model features a hybrid identity service, the Illini Cloud. A district can subscribe to that rather than operate their own IDP.
This is a scalable architecture.
Unicon and Aegis Identity have been important partners in the Illinois project
-There has been controversy with the InBloom model. Illinois cooperated and addressed some of the concerns. Illinois is using the InBloom framework and hosting it locally within Illinois.
-InBloom is creating a framework (like EDFI) for mapping of data nad relating it and presenting it back to applications as a framework
=====
MCNC Pilot (Mark Scheible)
https://spaces.at.internet2.edu/display/InCQuiltFed/MCNC
MCNC has a large K12 IdM project that is NOT under the Quilt InCommon Pilot umbrella.
The state IDM project is using a vendor providing a managed cloud IDM service
The vendor is Identity Automation: http://www.identityautomation.com/
Taking the data from students and employee and creating a person registry and AD in AWS
Fault tolerant, spread across 3 data centers
That environment is to give students the chance to plug into cloud services
There is a gateway SAML in front of that.
The MCNC statewide IDM project is moving along well.
The MCNC Quilt InCommon Pilot, this is a smaller project.
It involves a K12 district that has an early college / high school program at Davidson County Community College.
The Community College has recently joined inCommon.
The K12 district has been a sponsored partner in InCommon for 5 years.
The K12 is looking for ways to use their IDP more
The work now is to stand up a Moodle instance
The way Moodle works, they have one instance w a bunch of connection point for all their customers
Currently trying to get through the issues of getting the Moodle connection
Keith Hazelton stated: there are multiple Moodle instances at Univ Wisc-Madison
-and there is an effort at the engineering school to run an enterprise Moodel
-multi tenant Moodle instance
-could likely enlist some experts from UW-Madison to share their experience.
Mark: that would be interesting for the NC Education cloud project (the statewide project)
Statewide LMS is one of the goals
There's an RFP to select one
Some of the potential targets have been Canvas and Moodle
Jordon Clark, Nebraska: we had to spin up a lot of Moodle instances
- using MNET and using CAS
-it works well
eduPerson Schema Issues
Outcomes from MACE-DIR BOF on April 8, 2014 at Global Summit:
-Important Question: is the eduPerson schema sufficient for K12, Or do we need extensions or something different?
-KeithH made an important suggestion that we need real use cases
-MarkS has shared a use case for Discovery Ed, see https://spaces.at.internet2.edu/download/attachments/47153216/North+Carolina+Use+Case+for+K-12+Federation.pdf?version=2&modificationDate=1395687568248
-Nebraska and Illinois have said they will also share their use cases
-For example: certain vendors may require info on Grade Level or COPPA in order to grant access to resources.
-Once we have the use cases, then we can determine if eduPerson is sufficient
-MarkS will put together a short paper and a table to look at what is needed for an assertion for K12. This will present common attributes that are needed for K12.
-Ann, in Bernie's presentation, there was the concept of populating eduPerson entitlements with an URL
See slide #29 in this PDF:http://meetings.internet2.edu/media/medialibrary/2014/04/16/20140408-BAcs-FederatedServiceForK12.pdf
==============
Jordan Clark, Nebraska
- trying to come up with use cases – what is a Nebraska thing or what is a more general thing. Don’t have as many vendors, because taking do-it-yourself approach
- Don’t know why we couldn’t use eduPerson – we have our own schema, but could be translated to eduPerson and then remove our schema
- Two things that keep coming up: graduation year, COPA compliance
David Walker
- things you have to standardize are the things you have to exchange.
- Approach: UCTrust – defines attributes as need them. Developed a process for how we would define attributes. More agile, plus you are only defining attributes you need
The Nebraska in-house apps is a good use case. Describing schema and why you created the schema for your in-house apps would be valuable.
Federation Partnership Business Models
George – other question – relationship/responsibilities of regional network and InC.
- Pricing schedule
- Perhaps regional join InC and represent all the K-12s and community colleges
- Mark Scheible – looked at hub and spoke system
o need to determine how to bring the cost down for K12s and community colleges.
o Depends on what regional is capable of and is willing to assume
§ Registration authority – we already provide network access to K12s
§ Registering metadata on behalf of constiuents and managing that
§ Managing IdPs for constituents
§ Legal agreements – who will be responsible for extending trust from InC down to the school districts. Between the regionals and districts, who is responsible
o So many options – pilot with MCNC and InC to determine best approach. But depends on regional – some regionals don’t work with K-12, for instance. But our point to run one model to the ground
o Some things could be outsourced to an affiliate, if there are some things the regional does not have capability