BYOD = Bring Your Own Device.
I was very interested to read the following article http://www.scotsman.com/news/education/9000_computers_to_be_replaced_and_wifi_access_for_all_pupils_1_1930318 ( at Scotsman.com written by Gemma Fraser) which bears the news that Edinburgh City will be upgrading its computer stock but also and more interestingly installing WiFi access in its schools.
The improved technology will also allow pupils and teachers to get internet access through their own mobile phones and laptops at school.
I had been thinking about writing concerning the availability of WiFi in Scottish schools. This does seem to be a matter of concern as I have seen a number of Tweets on the subject of BYOD (Bring Your Own Device) and these comments have been made by both teachers and Council IT support staff.
Pupils who introduced some of the speakers at the ICT Summit on the 17th October ( see here ) had made a parallel between schools and other public places like Costa Coffee and MacDonalds. It seems that these young people will take advantage of free WiFi connections when drinking coffee and eating burgers allowing them to maintain their online presence. But not so in schools where in in many cases there are rules banning the use of mobile devices and very often there is no WiFi coverage in any case.
As society is becoming ever more connected there is a is increasing pressure of opinion to support the concept of 24/7 presence even during the school day and on school premises.
It can be argued that there are some advantages in terms of benefit to a pupils education to them being always connected. I can recall about 5 years ago visiting the Education depart of the Council featured in the article above and discussing their own vision of supporting the use of mobile devices to access Education resources. That was early days and the availability of mobile devices was not as pervasive as is the case today – but it is good to reflect and recognize the foresight of those concerned.
Of course to have effective access to any online resource on a small form factor device may require special provision at the user interface level. We are now very well used to having an “app for everything” which exposes the underlying functionality in the best possible manner with consideration of screen size and mode of interaction.
I am now making the bold assumption that it is both desirable and feasible to provide widespread access to wireless connectivity for school users in general. With this set aside I will describe one approach to achieving the goal of universal wireless connectivity.
Has this been tried before?
As you might expect, this is a problem that has been recognised and overcome in other sectors of Education. There are two extremes of approach to permitting connection to a public WiFi network as follows:
- Allow any device to connect without applying any conditions
- Require the user to authenticate so they can be identified and held responsible for adherence to a basic code of acceptable use.
Network administrator/owners would certainly want to have the ability to moderate or block users who abused the system.
With this basic requirement in mind the Higher Education community setup a solution for federated access to wireless networks. The basic requirement is that a user who belonged to one University could visit another University and connect to their wireless LAN without the need to incur any additional user account administration. This was set in place to address the prior position where a visitor needed to gain access to the visited network by registering for a visitor account.
Each user first needs to have a network access account with their home institution. The system then allows the user to access another institutions LAN and the Internet by entering their home UID and PWD. The process of authentication is transparent to the user as they will use the same method to authenticate regardless where they try to access the network.
The solution described (in very superficial terms ) above is called EDURoam. A visit to the EduRoam site provides access to a complete description of how this works.
Here is my simple description of the user experience.
- First the user signs up for an account for network access at his/her university/institutition.
- The UID will be of the form – firstname.lastname@example.org (this is not an email address – rather a two part UID with the @ character separating the two parts – of course for convenience it would make sense to use the users full mail address)
- There will be a password associated with this account – these can be integrated into the home institutions local directory for access to other applications and services there.
- When a user enters their UID the authentication system looks at the part after the @ character and that signifies where it need to send a request to authenticate the user.
- The user is then authenticated against their home institution and assuming their UID and PWD are a valid pair, network access is granted.
The level of network access provided will permit the user access to the internet only (subject to the visited institutions access policy) – the user can then freely access the web and or setup a VPN to access protected services at their home institution. Which is I think is precisely what user would expect.
The following video provides an excellent over view of the advantages of the EduRoam service
To read more about EduRoam vis the website at http://www.eduroam.org.uk
Why not implement a system following this approach for controlling access to wireless LANs in Scottish Schools?
Why not indeed? In order to achieve a joined up solution for network access like this it will be necessary for any LA that wants to participate to firstly provide a wireless access capability and then to implement a federated access control system. EduRoam is prime candidate for providing the federated access control needed to achieve this goal.
Alternatively, Scottish LAs could pursue localized and inconsistent approach – in favor of a more “joined up” and coordinated approach.
I would like to see Scotland adopting a scalable and consistent solution to this issue, that in my view, would offer most benefit to its end users!