Why is identity management important for mobile learning in device ecologies? How can we tell who is having mobile learning experiences with our apps? What are common strategies to overcome the identity challenge in mobile learning? How can we securely connect native apps to existing infrastructures? This project summarises the technical and conceptual challenges with the results from the Swiss edu-ID Mobile App project. Presented on 13 Nov. 2018 at mlearn2018, Chicago, IL.
11. Stakeholders (students, lecturers, and support) consistently report among the key barriers for using mobile technologies:
- Lacking or difficult authentication
- Need for multiple accounts
- Poor integration with other systems and platforms (primarily a problem for lecturers)
24. 5 + 1 Strategies for Linking Mobile Devices with Academic Cloud Infrastructures
§ Anonymous (do not care)
§ Passive pseudonymization (unique personas)
§ Network restriction (it’s IT’s problem)
§ Code & Geo-location (people who are present)
§ User Token (my students)
§ Allow only trusted devices (control everything)
25. 5 + 1 Strategies for Linking Mobile Devices with Academic Cloud Infrastructures
§ Anonymous
§ Passive pseudonymization
§ Network restriction
§ Code & Geo-location
§ User Token
§ Allow only trusted devices
Certification processes only work with authenticated users
26. 5 + 1 Strategies for Linking Mobile Devices with Academic Cloud Infrastructures
§ Anonymous
§ Passive pseudonymization
§ Network restriction
§ Code & Geo-location
§ User Token
§ Allow only trusted devices
Bring Your Own Device
27. Two Standards of Online Identity Management
§ SAML
  § Web-centric and monolithic solution
  § Long established and integrated
  § Complex data structures and handling
§ OAuth2
  § Modular and ecosystem-oriented solution
  § Very new but integrated into many modern “web applications”
  § Simple data structures and handling
28. 3 Scenarios for ID Management for Educational Mobile Apps
§ Progressive and responsive web-apps
§ Native apps for specific services
§ Native apps for generic services
29. Generic Architecture
[Diagram labels: Swiss Academic Domain (Organisation Trusted); University Server; SWITCH Server; Internet; Mobile Device (User and App Store Trusted); EDUID Service; Academic Service; EDUID App; Third Party App; Authorization; Authorization Provider. Connection labels: Authenticate; Identify & Manage; Identify; Authorize; Exchange Data; Authenticate, Identify & Manage; Identify & Authorize. Legend: Protocol Endpoints; Protocol Models; Identity Management; Service Provisioning; Trusted Service; cryptographically secured channels.]
30. Progressive web-apps
[Diagram labels: Swiss Academic Domain (Organisation Trusted); University Server; SWITCH Server; Internet; Mobile Device (User and App Store Trusted); Web-browser; Authorization Provider; Resource Provider; Trust Agent; Third Party App; Authorization.]
The authorization provider controls the web-sites for authorization and the app
31. Native apps for specific services
[Diagram labels: Swiss Academic Domain (Organisation Trusted); University Server; SWITCH Server; Internet; Mobile Device (User and App Store Trusted); Web-browser; Authorization Provider; Resource Provider; Trust Agent; Third Party App; Authorization.]
The authorization provider controls the web-site for the authorization
The resource provider “knows” its apps
32. Native apps for generic services
[Diagram labels: Swiss Academic Domain (Organisation Trusted); University Server; SWITCH Server; Internet; Mobile Device (User and App Store Trusted); Authorization Provider; Resource Provider; Trust Agent; Third Party App; Authorization.]
The authorization app helps users to choose appropriate services
The app asks for access for known protocols
An app can only access services once it is fully authorized
The authorization app bridges the trust domain to the institution
33. Scenario-Solution Matching
§ Progressive and responsive web-apps: SAML !, OAuth2 !
§ Native apps for specific services: SAML (!), OAuth2 !
§ Native apps for generic services: SAML ", OAuth2 !
34. 3 Scenarios for ID Management for Educational Mobile Apps
§ Progressive and responsive web-apps
§ Native apps for specific services
§ Native apps for generic services
Educators need/want access to all of these types
37. Target Objectives
§ Reduce App Authorization Barrier
§ Remove Opportunities for Rogue Apps Sniffing User Credentials
§ Easier Integration of Mobile Apps with the Academic Cloud
40. Things to take away
§ Students live in device ecologies
§ Multi-device learning environments require interoperability across trust domains
§ ID management is one key for cross-contextual learning experiences that rely on educational infrastructures
§ Most complexity of ID management can be hidden from mobile learning experiences
41. Thank you for your attention
Christian.Glahn@mobinaut.io
Riccardo.mazza@usi.ch