Baltic IT&T, Riga 2007 Identity Management within the educational sector in Norway


Senior Adviser Jan Peter Strømsheim, Norwegian ministry of Education and Research

[email protected]

Page 2

2 Norwegian Ministry of Education and Research jps/20070419

Identity Management (IdM)

Identity management is a broad administrative area that deals with
– identifying individuals in a system (such as a country, a network, or an enterprise) and
– controlling their access to resources within that system by
  • associating user rights and restrictions with the established identity.


Page 4

ICT trends: Usage in education

• All Norwegian universities and colleges have been online since 1992
• Currently all students in higher education use e-learning
  – Tracking learning, tracking teaching
  – Personalization requires stronger central ICT systems
• Traffic grows exponentially
• Above 95% of all primary and secondary schools are online
• Upper secondary schools
  – 55 students per 100 PCs
  – LMS and digital learning resources
• Compulsory education
  – 21 students per 100 PCs

Page 5

New National Curriculum in Primary & Secondary Education from 2006

• Basic skills as basis for all learning and development.
• The ability to
  – express oneself orally
  – read
  – express oneself in writing
  – do arithmetic
  – use information and communication technology
• ICT is integrated in all subject areas being part of the curriculum

Report No. 17 (2006–2007) to the Storting: An Information Society for All

• Three preconditions in particular form the basis for the government’s commitment to digital inclusion:
  – Digital access,
  – Universal design and
  – Digital skills.
• Provisions must be made for identity management for primary and secondary education based on the Feide project.

Page 6

FEIDE – Federated Electronic Identity for Norwegian Education

• FEIDE is a non-commercial identity management federation for people in education
• FEIDE is technology and platform agnostic
• FEIDE offers guidelines and policy for campus identity management
• FEIDE-names are valid for all education services, and may be used internally, for community services and with education-related services

Page 7

Why federate?

• Users and home organizations and service providers need to exchange information
• Trust establishment
• Information exchange
• Policy
• Technology

Federations:
• authenticate
• enforce information flow policy
• privacy control
• security
• trust establishment

Page 8

Business drivers for Feide

• End user: one username, one password
• Each educational institution benefits from
  – Local dataflow clean-up
  – Overview and control of services
  – Common guidelines, requirements and best practice for identity management
• University, college or school as Service Provider benefits
  – Easy integration of non-local users
  – Data protection contracts and guidelines
• Common shared services benefit from
  – Integrated user space
  – Data protection contracts and guidelines


Page 11

Feide login

• User tries to access service
• Service transfers user to Feide login
• Authentication is done at campus
  – Local authentication point
  – Local control over information
• Authentication is confirmed with the service, possibly with attribute release
  – Attribute release controlled by user, governed by contract
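The last step of the login flow above, as an added example that is not from the original slides or from Feide's own software: attributes reach a service only if the user authenticated at campus, the service's contract covers them, and the user consented. The service names, the user record and the function names are assumptions made for illustration; the attribute names follow the eduPerson/norEdu schemas.

```python
# Added illustration; every record and service name here is constructed.

# Attributes the home institution (local authentication point) holds.
CAMPUS_DIRECTORY = {
    "maia@dalen.example": {
        "eduPersonPrincipalName": "maia@dalen.example",
        "eduPersonAffiliation": ["student"],
        "norEduPersonNIN": "00000000000",  # constructed placeholder value
        "mail": "maia@dalen.example",
    }
}

# Attributes each service may receive under its contract (hypothetical).
SERVICE_CONTRACTS = {
    "lms.example": {"eduPersonPrincipalName", "eduPersonAffiliation", "mail"},
    "library.example": {"eduPersonAffiliation"},
}


class ReleaseDenied(Exception):
    """Raised when no attributes may be sent to the service at all."""


def release_attributes(user, service, authenticated, consented):
    """Return the attributes sent to `service` once login is confirmed."""
    if not authenticated:
        raise ReleaseDenied("user was not authenticated at campus")
    contract = SERVICE_CONTRACTS.get(service)
    if contract is None:
        raise ReleaseDenied(f"{service} has no contract with the federation")
    # Consent can narrow what the contract allows, never widen it.
    allowed = contract & set(consented)
    record = CAMPUS_DIRECTORY[user]
    return {name: value for name, value in record.items() if name in allowed}


def explain_withheld(user, service, consented):
    """Say why each attribute the campus holds was not released."""
    contract = SERVICE_CONTRACTS.get(service, set())
    reasons = {}
    for name in CAMPUS_DIRECTORY[user]:
        if name not in contract:
            reasons[name] = "not covered by contract"
        elif name not in consented:
            reasons[name] = "user did not consent"
    return reasons
```
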

Page 12

Studying today…

• “Hei! I am Maia – a freshman student” (Identity)
• “…this is my FEIDE name and password to prove it” (Electronic identity)
  (Authentication: is this the right person?)
• “I want to delete a file in my Virtual Learning Environment”
  (Authorization: Maia can use the services she is supposed to have access to)
• “And I would like to change my midterm exam B into A”
  (Authorization: Stop Maia from using a service she is not supposed to have access to)

[Figure: login screens showing Maia, Dalen skole and Dalen skole's LMS]

Page 13

CleanIT, the User Management System (BAS) process

• Identify key data
• Identify who is responsible for
  – Initial data
  – Data updates
  – Data removal
• Organizational process
  – Move data maintenance out of the IT department
  – Enable Human Resource and Student Management staff to do their jobs better
• Student registry: FS or MSTAS
• HR/payroll system: rolling in SAP, currently shared systems across several institutions

Page 14

Benefits:

Campus/Institution Identity Provider
• Authoritative quality for all affiliated users
• Control of information flow for all affiliated users
• Enhanced user management simplifies and automates business processes
• Federated login provides access to services
• One contract with Feide eliminates bi-lateral contracts with all service providers

Service Provider
• Access for all Feide users
• No local administration of user database
• Feide handles login and gives high quality data about users
• One contract with Feide eliminates bi-lateral contracts with all identity providers

User
• One username
• One password (or other credential)
• Do not need to register information at each service, automatic updates from campus information
• Informed consent for personal data transfer
• Familiar log-in page may increase security

Page 15

Identity management for education

• Feide since 2000 (initially higher education)
  – Operational login service since 2003
  – Universities and university colleges: 2003 - 2006(7)
• Schools and Feide
  – Participation decided by Ministry of Education early 2006
  – Identity management should be available by 2008 for all schools
• Strong campus identity management efforts
  – Universities and colleges develop and deploy IdM software
  – Organizational process: identify responsibilities and enforce routines for processing personal information
  – Supporting the Personal Data Act
• Operational service providers (current: 23)

Page 16

• Feide operates with
  – One Identity Provider (central login service)
  – Many Authentication points (one at each educational institution)
• Attribute release is important
  – Feide-name valid only in organizational context
  – What school, affiliation, group, address, NIN, unit?
  – Provisioning: started PIFU standardization effort
• Cross-federations needed (imply IdP chaining)
  – National: MyID for public sector
  – Nordic: Kalmar Union for higher education and research
  – International: eduGAIN, InCommon?
• Service Oriented Architecture
  – Services talk on behalf of user to mediate content delivery

Page 17

The way ahead - technical

• Consolidating BAS (user management system) for user management
  – Technical solutions
• Policy and regulations
  – Giving access to someone I do not control?
• Interfaces
  – XML definitions for import/export
  – LDAP based on eduPerson/noredu*
• Available software is improving

Page 18

[Figure: percentages by year, 2006 to 2010, for Upper Secondary Education and for Primary and Lower Secondary Education]

• 7 universities, 46 university colleges (210 842 persons)
  – +70% of students/others use FEIDE
• Primary, Lower and Upper Secondary Schools
  – 865 000 pupils, teachers, plus parents
  – 454 upper secondary schools owned by 19 regions
  – Around 3100 schools owned by 430 municipalities

Page 19

The way ahead - organizational

• Higher Education – FEIDE is on track

The challenge: Primary and Secondary Education

• We need the important stakeholders onboard
  – the Business Associations of Norwegian knowledge- and technology based enterprises,
  – the Union of Education,
  – The Norwegian Association of Local and Regional Authorities,
  – The National Parents’ Committee for Primary and Lower Secondary Education
• Political and financial backing
  – FEIDE is recognized by the Government as the IdM for Education in Norway
  – Funding is allocated on an annual basis

Page 20

More information

• Information from Feide, including deployment status
  – http://www.feide.no/index.en.html
• Email for Feide: [email protected]
• Questions for Jan Peter or Ingrid Melve (leader of the Feide Project): [email protected] [email protected]