Saturday, 20 August 2016

Mistake In Identity

One of my favourite podcasts, Out of School, focused on a newly emerged problem with managed Apple ID and iTunesU. Fraser Speirs explains it in his blog in far better depth than I can but essentially what on face value sounds like a sensible idea ("only allow students with managed IDs to sign up for iTunes U at the same institution they belong to") completely torpedoes the existing practice of teachers that have their own Apple ID and a rich set of resources associated with that - and frankly don't want a second device just to use iTunes U through a restricted school ID.

Fraser's suggested solution - allowing a course created within the school domain to invite in external teacher accounts (i.e. let a teacher create a course with their school ID on the web but then invite their normal account in as co-teacher) would be a sensible one, but I wouldn't want to be waiting for Apple to implement that by the start of term...

So you can wait for Apple, change your plans and not use Managed Apple IDs for your school (accepting that if this is Apple's strategy you will progressively be giving up things over the years ahead) or drop iTunesU and move to Google Classroom (good luck announcing that at the first staff meeting of the year!).

Which rolls back to my general distrust of allowing anyone to have an undue influence on how you manage the online identity of your staff and students. If the future is moving to using an array of smaller, more focused apps rather than monolithic big institutional systems (and it is) then having your system beholden to unexpected policy changes of a third party is never going to be good news and you need to be careful where you place your trust.

As well as the example of Apple ID above, how about the fiasco that was Google Play for Education? Anyone at BETT in 2015 would have seen the fanfare of a new system that:

  • Solved the multi-user tablet problem (except it didn't for the very devices that Samsung had just released with great fanfare at that very show - happily we never invested money in them but we did waste several days with loan units).
  • Solved content delivery by marrying up Google ID to a managed store for Apps and Content. Except content was minimal (the eBook section in particular being monumentally embarrassing) and the service was.... pulled in mid-term (never, ever a sign of a committed partner to schools).
With this sort of churn in mind, although I'd happily recommend using systems like Office 365 or Google Apps (or both) I would never want my organisation's strategy for knowing who is who and who can do what to be tied to Google or Microsoft or indeed Apple.

We're making much greater use of iOS this year. We've held back historically partly because of the poor experience as a shared device, but where there is a 1:1 situation (e.g. as a teacher device) it answers so many questions so well, it's become the solution our staff want to use - but we're not looking at managed Apple IDs (thank goodness), rather device assigned apps  and have avoided iTunesU because we just don't deploy enough iOS stuff to make it effective (and so many of our users access material on their own devices which isn't iTunesU friendly). For us Google Classroom offers a good solution because it works on everything and because our own in-house ID system syncs with Google ID.

That means we aren't worried by the Managed Apple ID disaster/ fiasco (or indeed simply blip as hopefully it will be solved quickly by people at Apple who listen to Out of School).

Ian Addison blogged recently about the pain of setting up multiple accounts on multiple services for his school. His school are really fortunate to have an Ian - around the world there are many hardworking souls who cope with all this logging in and authentication business for classes and their colleagues. 

Remember the National Grid for Learning? Wouldn't it have been great if as an outcome of all that we'd had a trustworthy single sign on system for staff and students in education that became the standard against which everyone had to do single sign on if they wanted to actually sell products in education. It won't happen, there are too many people whose business model runs counter to it... but it's a thought.

I did a post a while back about how we as a network of schools do managed identity, I'd be really interested to hear from anyone who things they have found a good solution that gives them long term security, the agility to try new things without making life really complex and doesn't mean investing in some large and monolithic "answer to everything" system that will take years and implement and never work properly...