JISC

This project explored the scenario of an archaeology academic in a UK Higher Education institution (HEI), wishing to apply for a job at another HEI.

Executive Summary

The project explored the scenario of an archaeology academic in a UK HEI, wishing to apply for a job at another HEI. She has many intellectual outputs relating to her lifelong learning achievements. These outputs include her qualifications, final year dissertation, masters thesis, PhD thesis, digital photographs of site visits, her blog, research papers in repositories and online journals, and learning materials developed for her teaching. She wants to prepare her job application through offering a web-based presentation of her achievements based on her e-portfolio assets, selected and narrated to demonstrate the required skills for the job.

Most current e-portfolio applications operate on the principle that assets are to be aggregated within the application’s repository. Evidence from research within the educational domain and the wider ICT world increasingly suggests, however, that users are ever more likely to use Web 2.0 tools and service mashups to create, edit and store assets all over the web. In addition, learning, teaching, and research materials are routinely housed in disparate personal, institutional, national, and commercial repositories. It seems clear that the assets which comprise an e-portfolio will increasingly be distributed around the web, rather than contained in any one repository, local or otherwise. The future of e-portfolio is as a “dynamically generated view of distributed data”, not an aggregation tool.

In parallel with this evolution of general e-portfolio usage, the deployment of content from within e-portfolios as evidence to support employment applications is of increasing interest because of the potential for the rich evidence (from both the perspectives of richness of media and narrative) in an e-portfolio to improve the quality of the employment application.

Undoubtedly, applicants for academic jobs (like most other job applicants) place considerable importance on the application process and are prepared to invest time and effort in presenting the best possible application. For this reason, we believe the scenario offers a fertile setting for exploring the use of e-portfolios in presentation mode – one of the key transactions which research suggests e-portfolios must support. However, the burden of work for the applicant associated with assembling or configuring their e-portfolio for the application is significant and must not be too onerous, even allowing for the substantial potential benefit.

Equally, from the employer’s side, the preparation of job specifications, sifting of applications, shortlisting, preparing for and undertaking of interviews are all time consuming. There is interest in how such rich evidence might, for example, enable checks that surface level claims made by applicants are in fact supported by more detailed evidence. As (web) services are increasingly aligned with business processes, the opportunity for ICT to enhance and indeed transform the employment application process has never greater. Indeed, many universities already use web-based workflow tools to manage the employment process, where candidates complete application forms on-screen and upload curriculum vitae.

However, as for the applicant, the benefits to the employer of this additional evidence must be proportional to the additional effort required to view it.

There are technical challenges too which impinge upon the scenario. Many of the repositories which hold a user’s assets are secure. That is, they require some form of authentication, such as a username and password, and typically a prospective employer will not have access to the same assets as the user. The primary technological challenge in the scenario therefore is how will users be able to securely share access, on a controlled basis, to assets they hold within secure repositories. The scenario might be an employment application, or the RAE, or internal promotion/appraisal, but the fundamental technical challenge for the distributed presentation e-portfolio is the same.

The software mechanism which allows sharing of secure resources is referred to as delegation of authority in security circles. There are already significant infrastructure developments underway in education which will directly support this. The Managing Information Across Partners (MIAP) services will allow learners to link their educational pieces of information together into a Learner Record, with learners able to control third party access to some or all of this record. Referred to as shared services, MIAP and the Minerva project are leading the way in developing large scale secure repositories which support delegation of authority. In HE, secure online access to degree certificates is now being deployed in Ireland and piloted in the UK using a similar approach.

These services are aimed solely at formal qualifications, with heavy duty security models in place to ensure both that learners’ personal information is not compromised, and that prospective employers can have trust in the services. But formal qualifications are only a small part of the e-portfolio in our scenario, and not the richest in terms of their use as supporting evidence. The majority of e-portfolio assets will reside in more general purpose repositories. Many Web 2.0 applications (e.g. Google Docs, Gliffy, etc) already offer a lightweight delegation of authority mechanism which allows users to share their private resources. The OAuth project is attempting to bring these various parties together to use one standard protocol for delegating access rights to third parties. UK HE repositories however, currently do not offer any delegation of authority capability.

From our analysis of the current developments in shared services, we believe that in future there will be two fundamentally different types of repository:

• Authoritative Sources These will be repositories which provide original certified content (via services), and provide digitally signed content when requested to do so. Examples of authoritative sources are universities who provide degree certificates and employers who provide references
• Repositories These are ‘standard’ repositories which are not authoritative sources of information, but rather allow users to create and modify whatever information they wish to in the repository. These far more common repositories will not vouch for the validity of any of the information that they hold, although they will ensure its integrity (i.e. they will return unaltered what they were given). Examples include institutional repositories, and Web2.0 applications.

With the two types of repository described above, it is possible to see how ICT will enhance the employment application scenario. Using an academic applying for a job at a new institution as an example:

1. The academic will create a web document using their editor of choice. The document may include their personal statement, reflections, commentary on referenced assets, etc., as well as links to the assets themselves.
2. Some of the links will reference assets held in secure repositories and/or in authoritative sources. The user will delegate authority to the recipient to access the referenced contents.
3. The web document itself will be stored in a secure repository of the user’s choosing (probably one of the repositories they are already using), with the assets remaining distributed.
4. A URL to the web document will be shared with employers. The user will have delegated authority to the employer to enable them to access the web document and its contents.
5. The employer will be able to view the web document in a browser, read the personal statement, reflections, etc, and click on the embedded URLs to view the assets.

This model requires no special e-portfolio tool, editor, or service. It depends instead on the repositories to support secure sharing of private assets. All users interact directly with the repository services (which is why we refer to this as the direct model).

The direct model undoubtedly offers the most secure solution for the employment scenario. It is, however, sub-optimal from a usability viewpoint, since it may require the employer to authenticate themselves multiple times when viewing assets in different repositories. Equally it delegates the required security development onto repositories, and cannot function if repositories do not provide the required services.

For these reasons we anticipate the emergence of trusted middleware, in this case an e-portfolio tool which will manage private assets, and support secure annotation of private assets by authenticated third parties[1]. It will do this by holding a copy of the user’s private credentials so that it can access the repositories and authoritative sources by masquerading as the user. Furthermore it will act as a proxy to transparently deliver private assets to authenticated recipients (such as a potential employer). For this model there will remain a specific need for a dedicated e-portfolio tool incorporating a presentation layer which provides the user with a rich client user interface tailored to the e-portfolio context, whilst orchestrating a number of services, most importantly delegation of authority, in order to support the user in carrying out specific e-portfolio tasks.

The primary weakness in the proxy model is that it requires users to give their authentication credentials to the proxy so that it can act on their behalf (i.e. masquerade) with the service providers, and many users will feel uncomfortable about giving their authentication credentials to a remote proxy. The trade-off is that it will offer better usability, and provide a means of sharing private assets stored in repositories which don’t themselves support resource sharing. Ultimately it will be for users of the technology and services to determine which levels of security are most appropriate for their particular use cases.

Whilst many Web 2.0 applications already support lightweight sharing of private assets, and shared services will shortly provide a highly secure method of sharing access to formal qualification data, UK HE repositories have no such functionality planned. We argue that there is a strong case for UK HE repositories to implement delegation of authority services which allow temporary access to private digital resources. This would support not only the employment scenario, but other specific scenarios such as the RAE, and the more general goal of allowing users to painlessly re-purpose their data for their own legitimate uses. We conclude that JISC should support and encourage development in the following areas:

Federated Access

• JISC should encourage and support HEIs to implement fine grained attribute release policies and to let subjects set their own attribute release policies. Currently institutions are defining very conservative attribute release policies, and they are typically not releasing anything other than "yes this person is at institution x". If repositories don’t know who is contacting them via Shibboleth login, they cannot allow users to set access controls to allow other users to access their resources.
• JISC should consider further work on policy recommendations for HEIs in what they should/legally can allow to be shared and what users will feel comfortable with being shared. Many of the repository people we spoke to expressed uncertainty about HEI’s attitude to the sharing of resources from institutional repositories.
• As with all aspects of the e-portfolio enterprise, these approaches should emphasise right-sizing/fitness for purpose. While trust and security is an important consideration, and of great relevance for secure data and transactions, the world of HEI employment, and an HE employee’s lifelong learning record generally places lower priority on high level security than on ease of use and utility.

Repositories

• JISC should support a project to demonstrate and/or develop an open source delegation of authority library. The library would enable repositories to implement delegation of authority for resources by way of a simple API, with supporting documentation providing walk-throughs detailing implementation.
• As above this should prioritise usability. In practice, this may mean borrowing from other successful approaches in the wider world of Web 2.0 repositories.

Authoritative Sources

• JISC should support a project to demonstrate the implementation of an authoritative source using an open source repository. The implementation should use the delegation of authority library discussed above. The trial domain could be to provide secure online access to degree certificates, or employment references, or similar.
• JISC should support the development of standards for the format of digitally signed degree certificates and transcripts from authoritative sources. These will probably be based on XML, the Dublin Core, X.509 etc.

Developing The Scenario

• The above measures are critical for the scenario to be implemented but are essentially technical in nature. There would be benefit from “proof of concept” user trials (for example for a small number of job applications in a handful of departments within a particular HEI). The purpose of this trial would be to measure the benefits of the additional applicant information against the effort involved, from the perspective of both the applicant and the recruiting academic. Because of the small scale nature of the trial, many of the technical barriers could be overcome by manual means (for example, including only public assets in the web presentation).

Download the full report (PDF)