A Roadmap to K-12 Federated Identity Management
Introduction
Write-up on K-12 Federation versus Higher Education?
Terminology
See Glossary
Use Cases
Good set of examples for using Federated Identity Management (FIM):
- Review what constitutes a "Use Case"... (versus a Benefit)
Case Studies
Existing K-12/K-20 FIM implementations
Benefits (Value Proposition) for K-12
Districts, Schools, Users:
- Fewer Accounts
- Password Management
- Better User Experience
- Single Sign On (SSO)
- Easier Application On-boarding – simple to extend once implemented
- Increasing use of Cloud Services (use case)
- Licensing costs controlled - More accurate count of actual users (via federated access)
- Security
- Better control over user Credentials (username/password)
- Active/Inactive accounts
- Management of users’ privacy or information exchanged
- Fewer Firewall “holes” needed (opened for vendor access to LDAP data)
- Passwords not transmitted to vendor/application sites to authenticate
- Much easier to disable a User (one place, rather than searching for accounts)
- User data is neither stored at nor transported to vendor sites
- Consortium purchasing (licensing)
- SLC/SLI (Shared Learning Collaborative/Shared Learning Infrastructure)
State-level (DOE/DPI):
- Opportunity for consortium buying
- Shared Applications
- External (common vendor apps – LMS, Library Services, Learning Object Repositories, etc.)
- Internal (state-wide applications)
- Collaboration made easier
- Shared Wiki spaces
- Access to limited/costly resources through Federated Login
- Between different communities of practice
- Community Colleges – High school early access
- Other Higher Education institutions
- Research
- Services
- School Districts
- Virtual Public Schools (Online Learning)
- Similar issues to Distance Education
- Federated access possible from “home school/district”
(Your thoughts here)
Challenges
- Accuracy of IAM backend systems
- Technical Expertise/Knowledge of local IT Staff
- Federation knowledge
- Shibboleth, other Federation Software
- Java developer skills
- Potentially beyond the level of experience available in many school districts
- Trust/Legal Issues of participation
- Level of Assurance (LoA) of the credential
- Issuing process
- Identity-Proofing
- Cost of Federation membership ($)
- K-12
- Students are minors (can’t agree to release PII on their own)
- New Attributes needed?
- Grade Level (K-12)
- Age-specific
- 13 or older (“Age of Reason?”)
- 18 or older (Able to make some decisions on their own?)
- School Type
- Elementary School (K-5)
- Middle School (6-8)
- High School (9-12)
- Parent/Guardian Access
- Approvals
- Waivers
- Access (via student) to grades, schedule, other information
- Ability to update student information? (Bio/Demographic data?)
- Regulatory Concerns:
- FERPA - Family Educational Rights and Privacy Act (1974, 2008?)
- Access to student data, grades, etc.
- CIPA - Children's Internet Protection Act
- COPPA - Children's Online Privacy Protection Act (1998)
- HIPAA - Health Insurance Portability and Accountability Act (1996)
- Protected Health Information (PHI)
- Additional Security?
- Leadership/Champions in the K-12 space
- Number of K-12 focused, SAML-enabled services (vendor applications)
Next Steps
- This Roadmap
- Outreach to vendors
- Coordination with state departments of education
- Possible outreach to regional broadband providers
- National coordination (Federal DOE)