When it comes to Federated Identity Management (FIM) and K-12, there are many places to begin the conversation. Since this document is described as a “Roadmap”, one can safely assume that somewhere there are people who want to implement federated access for their school district, for all districts in their state, or nationally; otherwise there wouldn’t be a need for a roadmap. Higher education has been working on FIM for nearly a decade. And while participant growth in the InCommon Federation (the US national identity federation for research and higher education) continues to gain momentum, doubling roughly every year, it has taken a while for institutions to understand the value proposition(s) for implementing federated identity management. In fairness, the benefits of using FIM have continued to evolve and blossom over the last few years. As school districts begin to migrate to a growing number of “cloud” applications and resources, for instance, finding a simple and secure way to access these “external” services becomes a priority.

Many school districts are already using a mix of locally run, vendor-hosted and Cloud SaaS resources. Many of these require a separate username and password, which leaves K-12 teachers and students to remember and manage all of these accounts. “Single sign on” may therefore be the biggest value proposition for the end user.

The following sections capture the Benefits, Challenges, Federation Options, Use Cases, Case Studies and Next Steps for K-12 Federation.  Please feel free to add your own to the list!

Benefits (Value Proposition) for K-12

...

  • Fewer Accounts
    • Password Management
    • Better User Experience
    • Single Sign On (SSO)
  • Easier Application On-boarding – simple to extend once implemented
  • Better security and access to an increasing number of Cloud Services (use case)
  • Licensing costs controlled - More accurate count of actual users (via federated access)
  • Security
    • Better control over user Credentials (username/password)
      • Active/Inactive accounts
      • Management of users’ privacy or information exchanged
      • User data (attributes) released are controlled by the institution
    • Fewer Firewall “holes” needed (opened for vendor access to LDAP data)
    • Passwords not transmitted to vendor/application sites to authenticate
    • Easier to enable a user and grant entitlements (theoretically in one place)
    • Much easier to disable a user (one place, rather than searching for accounts)
    • User data is neither stored at nor transported to vendor sites
  • Consortium purchasing (licensing)
  • SLC/SLI (Shared Learning Collaborative/Shared Learning Infrastructure)

...

  • District or State-Level IdPs
    • How would (could) a state-wide IdP work?
      • Much more granular OU than in Higher Education
      • Scoping of ePPN (eduPerson Principal Name)
      • How does this tie in with an IIS and the national SLC effort?
      • Should there be follow up (outreach) with the Shibboleth and InCommon folks?
    • Who would run IdP(s)?
      • State Dept of Education
      • Regional IdPs (throughout the state)
      • R&E Network Providers (RONs, Regionals)
      • State University Systems
  • Are there enough differences to warrant a separate K-12 Federation?
    • K-12 applications vs. Higher Education applications
    • Attributes and Attribute Release Policies (ARPs)
    • Regulations (state and federal) and Security (K-12 students are minors)
    • Shared Infrastructure - National K-12 Federation?
  • Inter-federation with InCommon?
  • Is this an InCommon Problem/Concern?
    • Pricing for K-12
    • Inter-federation vs. a single federation
    • K-12 Issues (see above)
    • Dilution of SP pool? (or "too much" for vendors to work with multiple federations)
    • Need to participate in multiple federations and inter-federate, OR
    • Participate in a single federation and have subsets of metadata (K-12, HE, etc.)?

...

Existing K-12/K-20 FIM implementations

Next Steps

  • This Roadmap
  • Outreach to vendors
  • Coordination with state departments of education
  • Possible outreach to regional broadband providers
  • National coordination (Federal DOE)