Glow – Closed or Open? #EDUScotICT

Introduction
I have heard the view expressed that Glow is a closed system and is in some way disconnected from the web as a whole.  In this post I want to explore what the basis might be for this perception and to identify things that can be done to address any concerns going forward.

The Glow National Directory (GND) and Authentication System (AS)
Glow has at its heart a directory of users which can contain all of Scotland’s Pupils, Teachers/School support workers and parents.  The directory in addition can also contain “guests” – where a guest is a trusted individual who is recognized by a management entity (Local Authority or School) of Glow as being an appropriate addition to the community.  Guest users currently can include for example subject matter experts (not school based) who are working with schools from other sectors of education including FE/HE and from the content provider sector including museums and education software/service providers.
A key attribute of the Glow National Directory is that admission to it is based on a robust system where all users are known and trusted and therefore can be held accountable for their actions.  The main source of trusted data is the school Management Information System (which is administered by the school administrator – the closest touch point for end users) . This is the chosen source because at the time when the solution was designed it was felt appropriate to minimize any additional steps to the process of user management.  For this reason the addition of a user to the School MIS system sends an automatic ‘add user’ request to the Glow User management system and the user account is created.  In a similar manner there is an automated process which deals with the movement of users within the school (from one class to another) and between schools and/or LAs.

Why not self registration?
Web-based social networking tools like facebook, twitter, Google, Yahoo etc typically use a system of self registration.  When a new account is being created there is no system to cross check the user’s real identity to guarantee that the user is really who they claim to be.  This makes it possible for a user to create an identity at will which may not be based on their real identity.   To illustrate – a child who is below the age threshold for a given service can masquerade behind a date of birth which makes them seem to be older than they really are.  I know this happens and have seen real examples of this in real life situations.  I know of some examples of this practice where it has been done with the knowledge and approval of their parents.

In order to support a user account management system which is based on self registration I believe that it would be necessary to validate each account as it is created.  I imagine that the overhead caused here would cause too much work.

These are some of the reasons why the existing Glow user account management system for was designed and implemented.

What if a LA does not create a user accounts for staff or pupils?
The current user management system requires the LA and School to participate in order for user accounts to be created and maintained.  So what happens when either the LA or school does not participate.  I have heard that this can sometimes be the case.  Based on the current system – users affected in this way will not be able to get access to Glow.  I have further heard the opinion that this issue can be over come if a self-registration system was to be introduced for Glow.  This would in theory allow eligible users in schools and LAs which do not support the use of Glow to never the less obtain accounts.

So can self-registration be a solution in this case?
Sadly the current system is based on the premise that the LA/School is the point of authority when it comes to assuring the user identity and establishing their Glow account.  So, if there was to be a self registration system for users to signup for their Glow account the LA/School would have to participate in the process and also ensure that the school MIS system is updated to confirm the status of the users Glow account.  It is hard to see how self registration can be managed if the principle of trust in user account creation and maintenance is to be maintained.

It is however clear to me that if Glow is to provide a truly national platform for learning it would be unacceptable for any LA or School to have the option to opt out.  At the very least these organizations should be required to support the validation of self registered users.

So is Glow really a closed system?
The user base of the Glow community is certainly closed in the sense that “any Tom, Dick or Harry” cannot self register for a Glow account.  Once a user has their account established they are at liberty to access any Glow service and also make use of the vast amount of resources which are available through the internet at large.

Some external ( to Glow ) resource repositories contain a content which is not accessible freely on to any user.  Federated authentication provides a solution here where by any federated resource can be accessed by any authorized Glow user based on their own Glow credentials.  So any Scottish teacher or pupil has access to the SCRAN resource with out the need to re-authenticate.  Information including the school and class that the user belongs to can be used to limit access to a certain subset of resources as necessary for these federated services.

In addition, any Glow user can link to and reference any openly available internet resource.  This has been the case from day one so I would maintain that Glow has never been a closed system from a content perspective.

Why do some people consider Glow to be a closed system?
The issue of Glow’s openness has been confused for end users because they do not distinguish between access to the Glow service and general access to the internet, which is controlled/limited by their local authorities policy on content filtering.  This is exemplified by a number of comments I have heard on the topic of internet filtering and the differences which exist between one LA and another.  Some LAs for example will unilaterally block access to YouTube while others permit access to the same.