« Journal articles, metadata formats and woes | Main | Making PURLs work for the Web of Data »

July 12, 2007

OpenID and education

In a post to the openid-general mailing list, Evan Prodromou proposes a simple rule of thumb about OpenID:

If your current registration validation system consists of email address verification or less, then OpenID is probably fine for you.

I think this rule of thumb covers well north of 95% of publicly-accessible Web sites. You can block individual bad behavers on a case-by-case basis, and you can block bad-boy servers that give out IDs to bad behavers (or that try to exploit weaknesses in OpenID implementations) in whole.

In response, I noted that the use of OpenID by educational institutions seems to be an interesting middle ground in that, in general, formal educational systems (i.e. those delivered within the campus or by external suppliers with whom there is a contractual relationship) fall outside the 95% email-based registration validation systems but we're seeing an increasing use by both students and staff of Web 2.0-type services that are inside the 95%.

I recently initiated (somewhat unintentionally it has to be said) a discussion on the jisc-middleware-development mailing list about the trust issues in a scenario where a lecturer sets a student a task of maintaining a blog which the student undertakes on an external blogging service using their institutionally-provided OpenID.  The question caused some debate (more debate than I was expecting).  By the end, I wasn't really sure that I was much the wiser.  I summed up the discussion as follows:

I posted a scenario that involved a lecturer (setting and assessing a task), a student (undertaking that task), an institution (acting as OpenID Provider and wanting to ensure the validity of any assessed work) and an external Web 2.0 blog service (where the task is actually performed).

I think this is a perfectly valid scenario, and one that will become significantly more common in the future.  I was at the Telling More Stories e-portfolio conference in Wolverhampton recently where a lot of the reported case studies around e-portfolios included scenarios very much like this.  I also think it is an area where a Shibboleth approach is weak, because of its lack of penetration into mainstream services outside the education sector.

I asked if using an institutional OpenID to sign into an external blogging service gives us sufficient confidence in whether a given student is submitting a given bit of work to be a viable way forward for institutions, given 'quality assurance' and other types of issues.

I think I heard both (implicitly) "yes, OpenID is OK in this scenario" and (explicitly) "no, don't touch OpenID with a bargepole, it isn't worth the plastic it's written on" type responses.

I'm still struggling to weigh up these responses.  I'm still struggling to understand if OpenID is useful/sensible in this scenario or not.

Note that my scenario in this case only goes part way towards what I think we'll actually see in the future, which is that students will turn up at university with an existing OpenID that they want to use (rather than using a university-provided OpenID).  But I think that the trust issues in that scenario are significantly more complicated, so I didn't want to raise it at this stage.

I'd be interested in people's views on the scenario presented above and more fundamentally on the question: Does OpenID provide an identity infrastructure that meets the needs of the education community?

Answers on a postcard please...


TrackBack URL for this entry:

Listed below are links to weblogs that reference OpenID and education:


The comments to this entry are closed.



eFoundations is powered by TypePad