New resource helps ed-tech leaders with identity management


Federated IAM can ease the burden of juggling multiple log-ins within districts.

As district ed-tech directors discover new ways to integrate technology in their schools, “federated identity management”—having a common set of policies, practices, and protocols in place to manage the identity of users, and which applications they have access to—has become a way for ed-tech leaders to streamline and juggle users’ access to different resources.

A common way to do this is to provide single sign-on access for each user, meaning a single log-in would give users access to any resources they’re entitled to on the network. Now, a new primer from the Consortium for School Networking (CoSN) aims to help ed-tech leaders understand single sign-on, its role in identity management, and its benefits and challenges.

“Single Sign-On, Multiple Benefits: A Primer on K-12 Federated Identity and Access Management” examines the movement toward federated identity management in education. The primer is part of CoSN’s 2011 Compendium and is available online free of charge.

“As the internet increasingly becomes the repository for resources and the foundation for interaction and collaboration, finding and gaining ready access to appropriate resources is an emerging challenge,” the report notes. “The more people rely on online resources, the more unwieldy it is to efficiently and effectively manage the gatekeeping mechanisms—different user names, passwords, eMail addresses and, for some sites, security questions.”

A typical K-12 school district might require separate log-ins for its student information system, transportation system, and library system. A district employee with authorized access to all three systems might have three user names and passwords, and all three systems would have the same authentication data pertaining to that specific district employee.

An identity and access management model would give that district employee a single sign-on for all three systems, without duplicating the authentication data three times.

Identity and access management (IAM) allows different levels of access to resources in a system (such as a school district network) based on different user attributes. In other words, users’ identities—and the restrictions that IAM places on those identities—determine how much information the user is allowed to access within the system. Users’ access levels can be changed or upgraded as they change positions within a school district, or as a student moves up through grade levels.

The Internet2 Middleware Initiative notes that IAM helps K-12 districts simplify and secure access to services, encourages collaboration through pre-established group membership to certain tools or services, and makes operations transparent by providing a single point of management for consolidated log-ins and access.

An IAM system can streamline a process by asking every user to answer a set of questions, such as whether the person is who he or she claims to be, what is known about the user, and what the user is allowed to access or do.

For instance, through a single sign-on, a teacher can access an online gradebook and all of its features, whereas the IAM solution knows that students signing into the same server are limited to the records portion of the gradebook in a read-only mode, prohibiting them from making any changes.

Federated IAM

Building off this, federated IAM enhances basic IAM with “a sophisticated yet simple infrastructure for managing a person’s multiple log-ons to access local and remote resources.”

Federated IAM works when a group of organizations—in this case, schools—form a federation and agree to interoperate using a common set of rules. The organizations also will post their authentication policies so that others who might want to join the federation can evaluate the policies. The group uses a standard set of attributes for each user, such as user name and affiliation, to determine what resources the user can access.

The technology is more sophisticated, according to the CoSN primer, because it uses “local credentials throughout the education lifecycles of students and educators, and because it assigns attributes that describe each person’s identity or role and enables resource holders to permit them to access specific resources.”

Ed-tech directors can control access to resources managed by a school or district, and the infrastructure also can supply identity data to other service providers, such as state education departments or libraries.

Using federated IAM, multiple educational institutions can come together and agree to recognize and accept attributes used by other institutions. For instance, a school district partnering with a local community college or library would allow high school students to enroll in college courses or access library materials using their school district sign-on.
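The access decision described above, as an added example that is not from the CoSN primer or this article: a resource holder accepts attributes only from federation members and maps each user's affiliation to permitted actions, denying anything not listed. All names, domains and policy entries are constructed, and the assertion is assumed to have been authenticated already by the federation's sign-on protocol.

```python
# Added example: all names, domains and policy entries are constructed.

# Members that agreed to the federation's rules, with the affiliations
# each one is authoritative for.
FEDERATION_MEMBERS = {
    "district.example": {"teacher", "student"},
    "college.example": {"faculty", "student"},
}

# Resource holder policy: resource -> {(issuer, affiliation): allowed actions}.
# Anything not listed is denied.
POLICY = {
    "gradebook": {
        ("district.example", "teacher"): {"read", "write"},
        ("district.example", "student"): {"read"},
    },
    "college-library": {
        ("college.example", "student"): {"read"},
        ("district.example", "student"): {"read"},  # accepted via the federation
    },
}

REQUIRED = ("issuer", "user_name", "affiliation")


def authorize(assertion, resource, action):
    """Decide access from an already-authenticated attribute assertion."""
    missing = [k for k in REQUIRED if not assertion.get(k)]
    if missing:
        return False, "missing attribute: " + ", ".join(missing)
    issuer, affiliation = assertion["issuer"], assertion["affiliation"]
    if issuer not in FEDERATION_MEMBERS:
        return False, "issuer is not a federation member"
    if affiliation not in FEDERATION_MEMBERS[issuer]:
        return False, "issuer is not authoritative for this affiliation"
    allowed = POLICY.get(resource, {}).get((issuer, affiliation), set())
    if action not in allowed:
        return False, "not permitted by resource policy"
    return True, "permitted"


if __name__ == "__main__":
    student = {"issuer": "district.example", "user_name": "jdoe", "affiliation": "student"}
    for resource, action in [("gradebook", "read"), ("gradebook", "write"),
                             ("college-library", "read")]:
        print(resource, action, authorize(student, resource, action))
```

The second check matters in a federation: a member can only vouch for affiliations it actually manages, so a district cannot assert that someone is college faculty.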

The primer includes many ways in which schools can benefit from federated IAM:

  • Cost savings realized through joining a federation. Districts reduce administrative costs, as well as requests for help.
  • Improved effectiveness, efficiency, and security of managing and accessing online learning content. Through federated IAM, administrators can integrate new users and resources more easily, and school districts can maintain higher security standards.
  • Increase in quantity, quality, and variety of available educational resources. Districts can access materials and resources from other K-12 districts, libraries, museums, or institutions of higher education. Materials might include eBooks, video, and multimedia.
  • Increased sharing and collaboration.
  • More instructional contact and time-on-task, including anytime, anywhere access, thus reducing delays in access to resources using single sign-ons.
  • Educators have access to online resources targeted to specific lessons or learning needs.
  • Federated IAM supports formative assessment, which informs teachers immediately as to student progress and gives educators time to adjust instruction.

Using federated IAM, students can sign on to their school’s server and take tests or quizzes in a secure environment. Those performance data can be tracked and analyzed. Teachers use their own single sign-on to access test scores and information. Parents, too, use their single sign-on to stay up to date with their children’s progress.

North Carolina wanted to give its students access to statewide online resources, and a state task force spent two years developing a federated IAM system that would take advantage of the state’s broadband capacity and increasing cloud computing services.

The initiative involved the state’s Department of Public Instruction, representing the state’s 115 school districts; higher education systems, including 16 public universities, 36 private colleges and universities, and 58 community colleges; and two pilot K-12 school districts, David County Schools and Rockingham County Schools.

Three content and technology service providers participated as well: NC Live, the state’s online library service; MCNC, an independent research and education nonprofit; and Virtual Computing Lab, which provides remote access to high-end computers for researchers and students.

The North Carolina Federated Trust emerged from those efforts. Leaders are examining ways to expand licensing for a learning object repository to K-12 schools, as well as how to add museums, zoos, and other educational organizations to the federation.

Lee Cummings, director of technology at Rockingham County Schools, said in the CoSN report that federated IAM could greatly help the district manage identities and access to resources. Every service provider with which the district did business required its own fields of unique user names and passwords.

“Database management is a burden,” he said. But using federated IAM is helping the district ease that burden.

K-12 schools face some challenges when it comes to federated IAM, including:

  • Cultivating state, regional, and organizational participation
  • Administering participation
  • Developing legal agreements and policies
  • Meeting compliance requirements
  • Funding
  • Technology infrastructure and technical expertise

The primer is a joint effort of CoSN, EDUCAUSE, the Internet2 K20 Initiative, the InCommon Federation, and StateNets.


Laura Ascione
