4. The BCcampus Vision
BCcampus is a collaborative online learning
initiative that was established to assist public
post-secondary institutions in British Columbia
to meet their students’ online learning needs.
8. The BCcampus Strategy
• Provide agile, personalized access to educational
information and services using a federated
approach to connectivity across system
institutions.
• Reduce costs and create efficiencies using
collaborative and shared service models.
• Develop and share educational resources and
expertise through the promotion of open and
accessible networks.
9. Federated Identification
• Allows a consortium of institutions to provide
electronic authentication for the community of
individuals belonging to any of those institutions
without releasing any confidential or personal data.
• All participating members of the consortium can
authenticate individuals belonging to any one of the
participating members without having to create
artificial e-credentials. This is the truly federated
model of authenticating individuals.
• The individual’s “home” institution is solely
responsible for assuring the veracity and
authentication of the individual in question.
20. Alignment with the Goals
Federated identification technologies can make available the
authentication / data interchange infrastructure to:
• provide a secure, trusted, real-time mechanism that can be
used to interchange student information via the provincial
network amongst BC’s post-secondary institutions using
links to online learning resources and information provided
by post-secondary system partners.
• foster and support the formation of collaborations and
partnerships between institutions that leverage knowledge,
reduce costs and generate benefits for students.
• provide educator support through online communities of
practice, re-usable tools and resources, professional
development strategies, technology training, and online
program development.
23. The Underlying Technologies
Authenticating the individual
– via web-based “Shibboleth” technology
• Individual authenticates him or herself at the home
institution using that institution’s instance of computer
credentials (user id and password).
• These authenticating credentials (user id and password
combination) are never made available to any partner
institution – the authentication being performed by
computers resident within the home institution itself.
• Shibboleth has access to an individual’s affiliation with
the home institution which can be made available after
authentication.
26. The Underlying Technologies
Authenticating the individual – continued
– via web-based “Shibboleth” technology
• Shibboleth will only release pre-approved data to a
specific partner’s server computer once the
individual’s authentication / authorization is verified.
• Shibboleth was developed exactly for these types of
requirements and privacy considerations.
• Shibboleth is an accepted standard and is actively
supported.
• Widely adopted by IT groups involved in higher
education.
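
The release rule described on these two slides, as an added sketch that is not part of the original presentation and is not Shibboleth's own code: the home institution checks the password locally and hands a partner only the attributes pre-approved for it. The partner entity IDs, the user record and the function names are constructed for illustration; eduPersonPrincipalName and eduPersonScopedAffiliation are attribute names from the eduPerson schema.

```python
import hashlib
import hmac

# Constructed policy: partner entity ID -> attributes pre-approved for release.
RELEASE_POLICY = {
    "https://lms.partner-a.example/shibboleth": {"eduPersonScopedAffiliation"},
    "https://transcripts.partner-b.example/shibboleth": {
        "eduPersonScopedAffiliation",
        "eduPersonPrincipalName",
    },
}

SALT = b"constructed-salt"  # constructed; real systems use a per-user random salt


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed directory record, held only at the home institution.
DIRECTORY = {
    "jdoe": {
        "pw_hash": _hash("example-passphrase"),
        "attributes": {
            "eduPersonPrincipalName": "jdoe@home.example",
            "eduPersonScopedAffiliation": "student@home.example",
            "mail": "jdoe@home.example",
            "homePostalAddress": "1 Constructed Street",
        },
    }
}


def authenticate(user_id: str, password: str) -> bool:
    """Check credentials locally; they are never sent to a partner."""
    record = DIRECTORY.get(user_id)
    if record is None:
        return False
    return hmac.compare_digest(record["pw_hash"], _hash(password))


def release_attributes(user_id: str, password: str, partner: str) -> dict:
    """Return only the attributes pre-approved for this partner."""
    if not authenticate(user_id, password):
        raise PermissionError("authentication failed at home institution")
    approved = RELEASE_POLICY.get(partner, set())  # unknown partner gets nothing
    attributes = DIRECTORY[user_id]["attributes"]
    return {k: v for k, v in attributes.items() if k in approved}
```

A partner with no policy entry receives an empty attribute set, so adding a new partner requires an explicit approval step rather than an opt-out.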
29. The Underlying Technologies
Confirming the Authorization – SAML
• “Security Assertion Markup Language” for computer-to-computer
communication to prevent fraudulent
transactions and bogus authentications
• SAML (currently version 2) is an accepted standard
• SAML version 2 is fully supported by Shibboleth version
2 (version 2 having been defined as a joint effort from
both development groups)
32. The Underlying Technologies
Defining the Content of the data
• Use of the “EduPerson” standard for Shibboleth / SAML
interchange of data.
• EduPerson is an accepted standard and is actively
supported.
• Use of the Postsecondary Education Standards Council
(PESC) standards for student-specific data (e.g.
e-transcript interchange).
• Emerging third-party vendor support for the PESC
standards.
34. The Underlying Technologies
Enforcing Security
• All web pages used by the individual for authentication
and authorization are secured (using HTTPS pages).
• All network interchanges of data are encrypted using
current DES public key encryption technology – the
accepted standard.
37. The Underlying Technologies
The Method of Transmission
• Existing network (internet) technology used to
interconnect all the computers involved in the
authentications, authorizations, and data exchanges.
• All network data for this application is strongly encrypted
(see prior slide).
• Use of “standards-based” Enterprise Service Bus (ESB)
and Service-Oriented Architecture (SOA) messaging
software technologies.