Baltic IT&T, Riga 2007
Identity Management within the educational sector in Norway
Senior Adviser Jan Peter Strømsheim, Norwegian ministry of Education and Research
2 Norwegian Ministry of Education and Research jps/20070419
Identity Management (IdM)
Identity management is a broad administrative area that deals with
– identifying individuals in a system (such as a country, a network, or an enterprise) and
– controlling their access to resources within that system by
• associating user rights and restrictions with the established identity.
ICT trends: Usage in education
• All Norwegian universities and colleges have been online since 1992
• Currently all students in higher education use e-learning
– Tracking learning, tracking teaching
– Personalization requires stronger central ICT systems
• Traffic grows exponentially
• Above 95% of all primary and secondary schools are online
• Upper secondary schools
– 55 students per 100 PC
– LMS and digital learning resources
• Compulsory education
– 21 students per 100 PC
New National Curriculum in Primary & Secondary Education from 2006
• Basic skills as basis for all learning and development.
• The ability to
– express oneself orally
– read
– express oneself in writing
– do arithmetic
– use information and communication technology
• ICT is integrated in all subject areas being part of the curriculum
Report No. 17 (2006–2007) to the Storting: An Information Society for All
• Three preconditions in particular form the basis for the government’s commitment to digital inclusion:
– Digital access,
– Universal design and
– Digital skills.
• Provisions must be made for identity management for primary and secondary education based on the Feide project.
FEIDE – Federated Electronic Identity for Norwegian Education
• FEIDE is a non-commercial identity management federation for people in education
• FEIDE is technology and platform agnostic
• FEIDE offers guidelines and policy for campus identity management
• FEIDE-names are valid for all education services, and may be used internally, for community services and with educational related services
Why federate?
• Users and home organizations and service providers need to exchange information
• Trust establishment
• Information exchange
• Policy
• Technology
Federations:
• authenticate
• enforce information flow policy
• privacy control
• security
• trust establishment
Business drivers for Feide
• End user: one username, one password
• Each educational institution benefits from
– Local dataflow clean-up
– Overview and control of services
– Common guidelines, requirements and best practice for identity management
• University, college or school as Service Provider benefits
– Easy integration of non-local users
– Data protection contracts and guidelines
• Common shared services benefit from
– Integrated user space
– Data protection contracts and guidelines
Feide login
• User tries to access service
• Service transfers user to Feide login
• Authentication is done at campus
– Local authentication point
– Local control over information
• Authentication is confirmed with the service, possibly with attribute release
– Attribute release controlled by user, governed by contract
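The last step of the login flow above, as an added example (not part of the original slides and not Feide's own code): the confirmation sent to the service carries only attributes that both the contract with that service and the user's consent allow. The attribute names come from the eduPerson/norEdu schemas; the service names, contract table, directory record and function names are assumptions made for the illustration.

```python
# Added illustration, not Feide code: attribute release filtered by contract and consent.
# Service names, contracts and the directory entry are constructed for this example.

# Attributes each service provider may receive under its (hypothetical) contract.
CONTRACTS = {
    "lms.dalen.example": {"eduPersonPrincipalName", "eduPersonAffiliation", "displayName"},
    "library.example": {"eduPersonAffiliation"},
}

# Constructed record held at the campus authentication point.
DIRECTORY = {
    "maia@dalen.example": {
        "eduPersonPrincipalName": "maia@dalen.example",
        "eduPersonAffiliation": "student",
        "displayName": "Maia",
        "norEduPersonNIN": "00000000000",  # placeholder, not a real number
    }
}


class NoContract(Exception):
    """The service has no contract, so nothing may be released to it."""


def release_attributes(service, record, consented):
    """Return only attributes that the contract allows AND the user consented to."""
    if service not in CONTRACTS:
        raise NoContract(service)
    allowed = CONTRACTS[service] & set(consented)
    return {name: value for name, value in record.items() if name in allowed}


def confirm_login(service, principal, authenticated, consented):
    """Build the confirmation returned to the service after campus authentication."""
    if not authenticated:
        return {"authenticated": False, "attributes": {}}
    attributes = release_attributes(service, DIRECTORY[principal], consented)
    return {"authenticated": True, "attributes": attributes}


if __name__ == "__main__":
    consent = {"eduPersonPrincipalName", "eduPersonAffiliation", "norEduPersonNIN"}
    print(confirm_login("lms.dalen.example", "maia@dalen.example", True, consent))
```

The national identity number is withheld from the LMS even though the user consented, because the contract does not list it; the display name is withheld because the user did not consent.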
• “Hi! I am Maia – a freshman student” (Identity)
• “…this is my FEIDE name and password to prove it” (Electronic identity)
(Authentication: is this the right person?)
• “I want to delete a file in my Virtual Learning Environment”
(Authorization: Maia can use the services she is supposed to have access to)
• “And I would like to change my midterm exam B into A”
(Authorization: Stop Maia from using a service she is not supposed to have access to)
[Figure: login illustration with the labels “Dalen skoles LMS” (Dalen school's LMS), “LMS-et” (the LMS), “Dalen skole”, the username “Maia” and a masked password]
Studying today…
CleanIT, the User Management System (BAS) process
• Identify key data
• Identify who is responsible for
– Initial data
– Data updates
– Data removal
• Organizational process
– Move data maintenance out of the IT department
– Enable Human Resource and Student Management staff to do their jobs better
• Student registry: FS or MSTAS
• HR/payroll system: rolling in SAP, currently shared systems across several institutions
Benefits:
Campus/Institution Identity Provider
• Authoritative quality for all affiliated users
• Control of information flow for all affiliated users
• Enhanced user management simplifies and automates business processes
• Federated login provides access to services
• One contract with Feide eliminates bi-lateral contracts with all service providers
Service Provider
• Access for all Feide users
• No local administration of user database
• Feide handles login and gives high quality data about users
• One contract with Feide eliminates bi-lateral contracts with all identity providers
User
• One username
• One password (or other credential)
• Do not need to register information at each service, automatic updates from campus information
• Informed consent for personal data transfer
• Familiar log-in page may increase security
Identity management for education
• Feide since 2000 (initially higher education)
– Operational login service since 2003
– Universities and university colleges: 2003 - 2006(7)
• Schools and Feide
– Participation decided by Ministry of Education early 2006
– Identity management should be available by 2008 for all schools
• Strong campus identity management efforts
– Universities and colleges develop and deploy IdM software
– Organizational process: identify responsibilities and enforce routines for processing personal information
– Supporting the Personal Data Act
• Operational service providers (current: 23)
• Feide operates with
– One Identity Provider (central login service)
– Many Authentication points (one at each educational institution)
• Attribute release is important
– Feide-name valid only in organizational context
– What school, affiliation, group, address, NIN, unit?
– Provisioning: started PIFU standardization effort
• Cross-federations needed (imply IdP chaining)
– National: MyID for public sector
– Nordic: Kalmar Union for higher education and research
– International: eduGAIN, InCommon?
• Service Oriented Architecture
– Services talk on behalf of user to mediate content delivery
The way ahead - technical
• Consolidating BAS (user management system) for user management
– Technical solutions
• Policy and regulations
– Giving access to someone I do not control?
• Interfaces
– XML definitions for import/export
– LDAP based on eduPerson/noredu*
• Available software is improving
[Chart: percentages by year, 2006–2010, for Upper secondary Education and for Primary and Lower Secondary Education; value labels shown: 50 %, 75 %, 80 %, 90 %, 100 %]
• 7 universities, 46 university colleges (210 842 persons)
– +70% of students/others use FEIDE
• Primary, Lower and Upper Secondary Schools
– 865 000 pupils, teachers plus parents
– 454 upper secondary schools owned by 19 regions
– Around 3100 schools owned by 430 municipalities
The way ahead - organizational
• Higher Education – FEIDE is on track
The challenge: Primary and Secondary Education
• We need the important stakeholders onboard
– the Business Associations of Norwegian knowledge- and technology based enterprises,
– the Union of Education,
– The Norwegian Association of Local and Regional Authorities,
– The National Parents’ Committee for Primary and Lower Secondary Education
• Political and financial backing
– FEIDE is recognized by the Government as the IdM for Education in Norway
– Funding is allocated on an annual basis
More information
• Information from Feide, including deployment status
– http://www.feide.no/index.en.html
• Email for Feide:
• Questions for Jan Peter or Ingrid Melve (leader of the Feide Project)