inc-student - student records and student privacy
Subject: InCommon Federation Discussions About Online Student Services
- From: "RL 'Bob' Morgan"
- To: InC-Student
- Subject: student records and student privacy
- Date: Tue, 12 Jun 2007 14:26:53 -0700 (PDT)
Here's a question I've been pondering a bit this week while trying to write up some use cases.
One of the benefits we evangelize with the federated approach in general and Shibboleth in particular is the ability for institutions to protect the personal privacy of users using these methods. There are a few aspects to this. One is that the institution, acting as an identity provider, only sends the information that a third party needs at authentication time to make an access decision. Another is that instead of always needing to send a well-known identifier for the user (netid, email address, student id #, etc.), the institution can send temporary or made-up-for-the-purpose identifiers to a federated service. This prevents "SSN syndrome" where one identifier can be used to correlate someone's behavior across many services.
These methods generally support an institution's interest in keeping personal data well-guarded inside the institution, only letting it out for particular purposes, while still obtaining the benefits of secure user interactions with external partners.
I have been wondering, though, whether these benefits make sense in the desired future world of more integrated and universal exchange and tracking of student records. What I hear sometimes, for example in the NSC discussions, is that what institutions want is a consolidated view of a student's record covering as many aspects as possible, from elementary through graduate and beyond, so as to assess progress, track outcomes, etc. Following this, it could be that what we'd like is a single student number that is assigned in pre-school, and maintained all the way through, permitting records correlation across the board. An identity management goal could be simply to make sure that the right number stayed with the right person throughout. Beyond this, a single central repository for all records, correlated by this number, would make access convenient for all institutions. I think (with my limited experience in this area) that these considerations are independent of FERPA, since all the parties accessing the data would be legitimate (institutions, lenders, etc.).
This has (to me at least) an Orwellian feel to it. But arguing against the universal student identifier/repository implies that a student (or parent) has a right to withhold access to some records, or to create a new identity somewhere along the way, detached from previous records. If this is done, say, to avoid loan repayment, then that's a bad thing. But are there cases where a person should be able to hide their educational past?
I'm sure there is discussion in the student records community about these issues. Obviously similar discussions happen in general society regarding national ID cards, use of SSN, rights to control records access, etc. Partly that's why I ask, because in society in general there is often a strong notion that personal information should be kept private unless explicitly released. Yet what I hear in student records discussions is about more access and better correlation, supporting legitimate educational purposes.
So I'm wondering whether the institution-centric, user-privacy-centric benefits of federation are actually selling points to the registrar community.
Comments?
- RL "Bob"
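
The two mechanisms described in the message above (releasing only the attributes a service needs, and sending a made-up-for-the-purpose identifier instead of a well-known one), as an added example that is not part of the original post and not Shibboleth's own code. The salt, user record, entity IDs, policy table and the HMAC-SHA256 derivation are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (hypothetical): IdP-side secret, one user record,
# and a per-service attribute release policy.
IDP_SALT = b"constructed-example-salt-not-a-real-secret"
USER = {"netid": "jstudent", "email": "jstudent@example.edu",
        "student_id": "0012345", "affiliation": "student"}
RELEASE_POLICY = {
    "https://library.example.org/sp": ["affiliation"],
    "https://careers.example.com/sp": ["affiliation", "email"],
}


def pairwise_id(netid: str, sp_entity_id: str, salt: bytes = IDP_SALT) -> str:
    """Opaque identifier that is stable for one (user, service) pair.

    Keyed with an IdP-only secret so a service cannot recompute it from a
    guessed netid; a different service gets an unrelated value.
    """
    msg = sp_entity_id.encode() + b"\x00" + netid.encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()[:32]


def transient_id() -> str:
    """Temporary identifier: random per login, carries no link to the user."""
    return secrets.token_hex(16)


def build_assertion(user: dict, sp_entity_id: str, persistent: bool = True) -> dict:
    """Return what the IdP would send to one service at authentication time."""
    # Default deny: a service with no policy entry receives no attributes.
    allowed = RELEASE_POLICY.get(sp_entity_id, [])
    attrs = {name: user[name] for name in allowed if name in user}
    subject = pairwise_id(user["netid"], sp_entity_id) if persistent else transient_id()
    return {"subject": subject, "attributes": attrs}


if __name__ == "__main__":
    for sp in RELEASE_POLICY:
        print(sp, build_assertion(USER, sp))
```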