Monday, 17 January 2011

Delivering Safe Systems

In the 21st Century, much of community life takes place in virtual environments. Facebook, Twitter, MSN and text messaging are some examples. Within our mission to ‘build the kingdom’, we have an opportunity (or arguably a responsibility) to embrace these virtual communities and provide a Catholic vision for engaging in these communities.

Fig. 1

Townsville Diocese provides a closed learning environment for students. ‘Closed’ means:
  1. the services provided can be reset or removed from the student (or teacher) if inappropriate use is suspected or detected. Teachers have the power to reset student passwords, and the DataJug admins at each school have the power to reset staff passwords;
  2. once a user is created in Maze, overnight they get their DataJug account and accounts for all 'closed' services. This means users do not have to self-register with 3rd party providers. Instead, the ‘system’ registers all staff and students and provides a single sign-on to all supported services;
  3. access to Web-based communities and content is via a proxy and filter. This provides auditability and some level of filtering to services accessed at school.

The use of 'Open' Communities

In fig. 1 above, Facebook, Open Google and Flickr have a red cross because they represent ‘open’ communities on the web. That means we have no administrative control over these spaces. Google Apps, Blogger, AtomicLearning and MySuite have no cross because they are ‘closed’. They are deployed and managed by the ‘system’ and TCEO is responsible for setting up users, determining the features that are “on” or “off” by default, and the features students or staff can manipulate. Once set up centrally, students have their account and control over their space. Using the DataJug interface, teachers and schools have the power to reset passwords or capture student accounts if inappropriate usage is detected.

Google Apps
This suite means students have a rich set of tools to create, communicate and collaborate online within a ‘real world’ community space. But because this is a 'closed' deployment, if a student makes an error in judgement and uses their power to create inappropriately, the 'system' can go some way to protecting students from the consequences that come with being on the open web. Making the Google Apps suite available is therefore a conscious first step in our commitment to educating staff and students about being ‘Catholic’ in online communities.

Policy Implications
Following from this notion of 'open' and ‘closed’:
    1. Schools should not be asking students to give their details online or to register with open systems. That means teachers should not be expecting students to use Open Google, Facebook or other open, unmanaged web suites, nor should they be using these communities to engage with students.
    2. No school should be providing internet access that does not pass through the CENet filter. The filter is coupled with a proxy service that allows us to audit (down to IP address or user id) activity on the internet.
    3. No school should be providing internet access that masks the user from the proxy. We want to be able to audit usage by user. More importantly we want users to take responsibility for their actions on-line.
    4. No school should be providing internet access that supports the use of generic internet accounts (eg. Username: prep; password:prep). Anonymity in on-line communities is a recipe for disaster.
    5. It must be as easy as possible for a student to "change their own password". Why? When a student says, "But that wasn't me.... jsmith knows my password", we need to be able to say "Why didn't you change it?". If we are expecting students to manage their own identity, then changing a password as soon as one suspects it has been compromised is an essential capability for the user.

Efficiencies for managing connected systems

TCEO aims to offer a range of systems which use the same username and password for access. Once CENet completes its identity store and integration service, the user will only need to log in once and they will be allowed automatic pass through to any of the systems offered as part of the ‘closed’ suite. Identities cannot simply be generated at a school any longer. The uniqueness has to be at a diocesan, CENet or even CNA level. As we look to collaborate with others further and further afield, carrying our identity into their portals becomes so much easier if we have uniqueness at the highest levels.

Policy Implications
    1. Student and staff identities will be aligned with a standard for defining identities.
    2. If schools wish to deploy their own ‘closed’ systems (eg. A deployment, Google Apps, Moodle etc), this needs to be done in consultation with TCEO so that issues of identity and automation can be considered. If you are an independent secondary school, this may all seem unnecessary... But the diocesan strategic vision is about positioning ourselves to contribute, collaborate and participate in National conversations. National Policy directions like the "E-Learning Business model" (still in draft consultation) speak loudly to the creation of systems that support innovation at the edge. The paradox, however, is that innovation at the edge will only be useful further up the chain if it has been approached with some knowledge of the 'standards' and compliance requirements that govern a broader audience.
    3. At this stage, using the DataJug identities when you requisition accounts is the first requirement. That guarantees you uniqueness at the highest level we have to date (ie the Diocese).
    4. If you apply this thinking to teacher work and teacher sharing, we need to do a lot more to provide the necessary check-lists so teachers can feel confident that what they are creating can be moved to wider audiences without issues like "copyright" placing the organisation at risk.