Re: Support for Verifiable Claims Task Force

+1 to John Tibbetts on CBE case for verifiable claims:

"CBE raises new opportunities for verifiable claims.  An individual might want to apply to graduate school with one set of academic claims, but might also want to apply for a side-job as a lifeguard with claims including CPR, swimming proficiency, dive certifications, etc.

This all means that it has to be far easier to generate snapshots of selective claims and do it far more frequently—not just at the end of an academic course.  But it’s imperative that the ease of creation not compromise the underlying security and privacy concerns."

--
Jim Goodell, CEDS Standards Lead, QIP
@jgoodell2


From: John Tibbetts <jtibbetts@imsglobal.org>
To: W3C Credentials Community Group <public-credentials@w3.org>; public-webpayments-ig@w3.org
Sent: Monday, February 8, 2016 5:03 PM
Subject: Support for Verifiable Claims Task Force

For some months I’ve been following the progress of the group now calling itself the Verifiable Claims Task Force.  I’d like to lend my support for its further evolution.

Over the past decades I’ve been an enterprise architect across different industry verticals including utilities, transportation, insurance, and banking.  In the past decade I’ve focused entirely on education, particularly on educational interoperability between educational institutions and learning tools.  I’ve served as chief integration architect for both CourseSmart and Vitalsource Technologies, each dominant platforms for electronic textbooks (now merged).  I’m now serving as Chief Product Architect for IMSGlobal Learning Consortium.  Education has particular needs that I think mesh particularly well with verifiable claims.  I’d like to briefly comment on them.

Secure Services

The state-of-the-practice in educational interoperability requires secure services.  The most common case that I encounter is to link learning systems with third party tools.  A secure service can make sure the right party is connecting to the tool, can protect the intellectual property of the tool provider, and can ensure the reliable return of analytics or assessment outcomes from the tool.  We currently use service-centric ecosystems to secure conversations.  Where things become stickier is when we inject the privacy requirements of secure documents.

Privacy

There is widespread industry awareness of the privacy mandates of healthcare with HIPAA, but less awareness that education has a similar mandate called FERPA.  (In fact one of the interviewees, DH, specifically mentioned that education doesn’t have the same privacy regulations that healthcare does).  The Family Education Rights and Privacy Act provides assurance that a student's Personally Identifiable Information (PII) and educational records be controlled by the student, or the student's parents.   FERPA mandates, for example, that a learner’s name and email address  be not shared with learning tools (eTextbook readers, electronic models, simulations) without learner authorization.  As a software vendor, and as a collaborator on standards for educational software, we spend a lot of time trying to accommodate that need while still providing for analytics and grade return flows when identities are obfuscated.

Of course, privacy is only a part of a broader security mandate.  Whereas security also needs to support the availability and the integrity of information, privacy specifically deals with informational self-determination.  It’s this self-determination that maps very clearly to the key user-centric quality that is the hallmark of a verifiable claims ecosystem.  Probably the clearest case for verifiable claims is in the generation and distribution of electronic transcripts.

Electronic Transcripts

Learning institutions have developed a great deal of accepted practice concerning transcripts.  Much of FERPA is devoted to documenting the precise content and process related to transcript dissemination. There are a variety of dissemination mechanisms: paper, secure PDFs, transcript delivery services, etc.  In the past year educational partners within the IMS Global Consortium have been prototyping and developing standards for electronic transcripts.  The goal of these standards is to foster a lighter-weight ecosystem for the movement of transcripts.  There are a couple of reasons why the work of the VCTF is directly relevant to electronic transcripts.

First, by its very nature, a transcript *is* a set of specific verifiable claims.  And to make these claims actually verifiable we need to preserve the integrity of the transcript; that is, ensure that we have the same set of claims now that the learning institution generated.  While a secure conversation protects a document along the way from source to destination we also need to ensure that the document itself is intact.  It’s far more secure to protect the document  than to attempt to keep it protected at every waypoint.

In addition, the dissemination of academic records, according to FERPA needs to be controlled by the learner.  (Registrars see this as their job as well but see themselves as acting in the interests of the learner).  This is where the informational self-determination comes in.  It’s the student’s right to have decision-making ability over the transcript and that the student’s academic record be otherwise private.  In a re-engineered ecosystem learners might in the future be able to move their transcript to other institutions or prospective employers without the source institution knowing about it.  Note: this is currently not politically tenable with most registrars and institutions.

Competency-Based Education (CBE)

A related movement that is growing at an explosive rate is finer-grained tracking of competencies (of all kinds) and that these competencies can be included in what we call ‘extended transcripts’.  The pressure for this grows with new flexible learning options like MOOCs, distance learning, and the like.  Certain progressive learning institutions like WGU and Capella deal almost exclusively in recording competencies, with courses taking a secondary role.  Competencies can include work experience, non-traditional training like CPR or training to more effectively engage in remote projects.

CBE raises new opportunities for verifiable claims.  An individual might want to apply to graduate school with one set of academic claims, but might also want to apply for a side-job as a lifeguard with claims including CPR, swimming proficiency, dive certifications, etc.

This all means that it has to be far easier to generate snapshots of selective claims and do it far more frequently—not just at the end of an academic course.  But it’s imperative that the ease of creation not compromise the underlying security and privacy concerns.

Where to go from here?

Notice that the above-comments directly support the VCTF Problem Statement (http://w3c.github.io/vctf/#problem <http://w3c.github.io/vctf/#problem>), especially the first and third point:

     [1] "This means users can't easily change their service provider without losing their digital identity”.  We need verifiable claims, like an electronic transcript, that can travel where their own needs while preserving the privacy of their journey.

     [3] “There is no standard that makes it easy for users to assert their qualifications to a service provider”.  This is the crux of our current problem.  We need to make it easy to generate a wide variety of verifiable claims of competencies that can be used by learners to expand and exploit their learning experience.

Consequently I believe that W3C should launch official work to address these pressing technology, even cultural, needs.

A great place to start would be to document what a credential looks like (perhaps either a data model or ontology) plus a graphical diagram, such as an interaction diagram, of the credential’s life cycle.


John Tibbetts
Chief Product Architect
IMS Global Consortium

Received on Friday, 12 February 2016 00:21:32 UTC