1250 Connecticut Avenue NW
Suite 200
Washington, D.C. 20036

EA2 Task Force

Electronic Authentication/ Authorization (EA2) Task Force

PESC EA2 Task Force

The Opportunity

Over the past few years the technology for exchanging data among colleges and universities and with their suppliers has matured. Web services technology provides industry standard Internet-based communications based on XML messages. Security is available through PKI, SAML, and, for colleges and universities' unique requirements, Shibboleth technology.

The volume of these data exchanges is increasing sharply as more students take courses in multiple institutions, employers require additional documentation of educational experience, education financing has become more widely used and more complex, faculty and student rely more on electronic publications, and colleges and universities offer a spectrum of courses, methods of teaching and learning, and learning environments to match needs of the knowledge economy. In addition, people's experiences with online financial, information, and purchasing services raise expectations of increasing quality of service from colleges and universities.

As an "industry", however, postsecondary education has not yet achieved the improvements in service and lower costs that other industries have. With currently available technology, the opportunity now exists to "put the pieces together" to attain the commonality that would drive implementations beyond the "tipping point." Many believe that reaching "network economies" would benefit colleges and universities and their consumers and suppliers.

The Task Force will focus on this opportunity.

The Goal of the Task Force

The goal of the Task Force is to improve service, lower unit costs, and ensure security through the implementation of e-Authentication and e-Authorization technology and practices. The result is a common e-Authentication/e-Authorization framework for data exchanges that cooperating parties can implement to support the broader goal.

This requires common, detailed, and unambiguous profiles for existing specifications and standards, perhaps some extensions of existing standards and practices to meet specific needs of postsecondary education; and rationale for priorities, choices, and recommendations that demonstrate feasibility, economies, and sustainability.1

The Task Force may also recommend specific implementation efforts that would support the broader goal and encourage participation and sponsorship of this work.


The work of standards-setting organizations and their early implementers will be reviewed for functionality and judged on their potential benefits to higher education and, pragmatically, the likelihood they will become de facto "standards." Early implementations, especially in postsecondary education, whether at that time successful or not, will be the primary source of information for the Task Force. These projects also provide a cadre of experienced practitioners whose expertise can be important to the success of any broader implementations.

Mass implementation of a specification, standard or practice largely depends upon the economics of the implementation of new technology and new processes. Economic analysis, even approximations, will guide Task Force recommendations.2

The implementation of new technology accompanied by new processes imply some reorganization of work, which affects relationships of faculty, staff, students, and the organizations and even broader public that are customers and suppliers to colleges and universities. The likelihood of success of an implementation depends in large part on "feasible" short-term and long-term changes to academic and business processes and practices.

The Task Force will assure the different perspectives are understood and shared with the broader community.

The Role of the Task Force

The Task Force is aware that their work is a series of steps, all done in cooperation with the larger community of colleges and universities and their suppliers and consumers.

The first step will be sharing knowledge of what has been accomplished. There have been successes in implementing data exchanges. Implementation of the PESC electronic XML transcript is an example. The exchange of student financial aid data using NCHELP specifications and U.S. Department of Education practices is another. Supporting the use of IFX and NACHA-compliant financial transactions are yet others. NCHELP's Meteor Project in conjunction with the U.S. Department of Education is implementing one of the largest uses of OASIS and Internet2 specifications and technology for transitive trust. All of these are based on W3C specifications.

External to postsecondary, the Liberty Alliance has developed standards for exchange of authentication of consumers or users among suppliers. The U.S. government continues to increase the interoperability of systems and the use of common authentication and authorization technology and practices, primarily by the General Services Administration following work of the National Institute of Standards and Technology (NIST) under guidance of the Office of Management and Budget.

The successes of "supply chains" in postsecondary education already demonstrate the characteristics of a successful common framework for data exchanges; often known only to the few who participated in the development and implementation. In each case it was necessary to make detailed decisions on implementations of a specification -- often called a profile and collectively as a framework. Identifying and perhaps further documenting this work would provide context for broader collaboration in the Task Force's work.

Similarly successes in business and industry and government provide examples of specific implementations and, perhaps more important, accurate forecasts of what will become a de facto standard.

The Task Force will need to identify the opportunities where a framework could be useful. Current efforts to integrate scholarly systems, libraries, and administration may provide opportunities. There are opportunities that cross the traditional boundaries between the various standards-setting bodies -- most represented on the Task Force. The interim result could be a list of these individual opportunities.

The Task Force represents a broad spectrum of expertise and experience. One of the most important contributions will be judgments about feasibility and benefits of these individual opportunities. These judgments yield priorities of feasible implementations and identify the scope of commonality required for a framework.

The framework itself then is the selection of technologies and standards, and the specific details of implementation of specifications and standards -- the profiles.

The Task Force can also recommend priorities for implementation.

1. Most standards have requirements -- IETF uses the terms MUST, REQUIRED, and SHALL for requirements, MAY and OPTIONAL for permitted choices, and SHOULD for some ambiguous situations. These are described in Harvard University's Scott Bradner's IETF Requests for Comment 2119 drafted in 1997. It is cited as authoritative in almost all standards-setting in information technology. The term "profile" is now frequently used to provide the additional detail needed to achieve data exchanges. Profiles are often defined for a specific industry. For example, an item description for electronic components may be different from item description for the finance industry.

2. Various standard-setting organizations use different terms for their results. The terms specification, standards (ISO, OASIS, IETF), and recommendations (W3C) are all used. The emerging practice is specification or recommendation when widely implemented becomes a "de facto standard" or if adopted by a "standards body" then a published "standard." The ambiguity is not resolved here.

Inquire About Joining This Task Force