In honour of today’s ‘Identity Management Matters‘ event (which I am missing, due to gastric flu) I thought I would contribute a post to the conversation rather than my presence. This can be found on twitter at #idm.
One of the ways in which people typically open an Identity Management event these days is to say ‘students use Google mail’ (David Harrison did make a similar point at #idm but this post is NOT about his talk, which took a different direction). With yesterday’s announcement from Facebook, who knows if this will also include Facebook mail? This is often used as an argument for people interested in outsourcing to Google or to Microsoft – they are providing an experience that the users are familiar with.
This is all absolutely fine, right up the point where people then go on to what they see as the next logical step in the argument – students use personal credentials, ergo, we don’t need institutional credentials. This is where I go – ‘huh?’
There is a big difference between a student being provided with an account that is outsourced to Google by the institution and a student using a Google account that they had before they came to University – or a hotmail account, which going on an unscientific study of my sister’s 18 year old friends, they are most likely to have. Outsourcing to Google is no different from the experience had by many institutions in the UK for several years where access management was outsourced to Athens from Eduserv. This account is still attached to the institution, whether it carries with it an .ac.uk address or not. It may be passed on to the user in an alumni agreement, but during the time at the institution the student’s outsourced account is still maintained for them by the institution in agreement with Google, Microsoft etc. This is an important distinction as institutions can then effectively assign authorisation information to the student’s account which makes it usable in a variety of scenarios where proving you are a member of an institution is vitally important.
I think it is important that we keep pointing out that being able to authoritatively prove you (i.e. not self asserted) are a member of an institution or organisation (think CILIP) will continue to be very important. It will probably be most important where your studentyness or your staffyness gets you discounts or free access to things – like tickets, software, content etc. Even if the current institutional licensing model were to break down in favour of individual payments it is likely that many ‘pay-per-view’ systems would still offer discounts and savings based on membership.
Let’s now go back to the first statement made in this piece – the idea that students place more value on their current google account than an institutional account. That may be true, but then they are missing out on a whole bunch of potential savings by not appreciating their institutional account. I’m also not convinced that people don’t want to keep their personal and institutional spaces separate, and I’m also pretty convinced that this separation is a pretty good thing to maintain.
If we assume that I am wrong and the average student really wants to be able to use their Facebook account for example to be able to authoritatively assert they are a student of bloghampton university, let’s think about what that means:
- Someone will need to ensure that the Facebook account really does belong to that student through a verification process. I’m assuming self-assertion would be OK but it still needs to be done.
- The student would then need to allow the institution permission to add information to their account. This is possible in the Facebook workflow, but would mean maintaining an application just to provide information to Facebook.
- The institution would then need to update this information regularly and more importantly REVOCATE it when the affiliation ends.
- Service Providers that interact with these students would need to be able to extract information out of the account when needed.
All of this would be possible, but would you want to use your Facebook account in this way? Would institutions want to maintain this infrastructure and what would it cost? How would this be replicated across all the different providers that students might have accounts with and prefer to use?
So I’m left wondering what point the people who tell me that ‘students use Google mail’ are trying to make. To be honest, so do I. Hotmail as well, which is my primary personal address. I’ve even become very good at only using my personal address for non-work related stuff, rather than my work e-mail. Do you really want us to find a way to add authorisation information to personal accounts? Are you talking about outsourcing rather than personal accounts, which we can already do? Or are you just looking for a way to use a more exciting topic than the mundane world of institutional account management? I don’t mind what your answer is, but I would really like to know the point 🙂