Can you be more specific? I'm currently dealing with similar issues for a government department, so it would be good to know exactly where your IT team's issues are.
Do you mean being able to push badges from the uni Moodle to the Mozilla Backpack, i.e. it fails because the Moodle badge issuer can't be validated through the firewall?
BTW, it's not just that. External displayers also need to be able to see the issuing platform, the way the system works now.
Also, is it just about the firewall or is the fact that Mozilla Backpack is hosted on foreign soil an issue?
Also? What about importing and/or displaying badges earned outside inside the uni? These could be from MOOCs like EDx Open for example. Is this significant, or irrelevant?
BTW, did do you know about the Australian HE CoP about badges called Assuring Graduate Capabilities?
Not sure how many of its members are using Moodle, but it may help on several fronts.
My OP was misleading sorry. It's not just about security in taking badges out of the system into the backpack but the other questions might including:
Do the rules around who and why badges are issued need to go through a formal process?
Do we need marketing involved re branding and design principles for badges?
So I'm really after the whole process of implementing them. Anyone willing to share?
1. The user gets to choose whether to push any given badge to their backpack, so I don't think there is a privacy/legal issue there - by publishing their badge, the user is effectively saying they want people to look at it.
2. That depends - I've seen an implementation where individual teachers are allowed to issue their own badges within a course, with no/little formal process BUT they are not allowed to use any of the institution branding on those, while any badges that do bear any of the institution branding do have to follow a more formal process as part of the course development process.
3. Again, in the above instance - the less formal tutor issued badges did not necessarily go through the design team, while the more formal institution issued ones did (essentially they created a base of the badge graphic and then the text around it could be altered easily by them for each badge)
Richard goes to the heart of the matter. Once privacy is basically preserved, it's mainly about creating and preserving the perceived value of the badges.
If a badge is a small scale "Attaboy" to students, instructors can be permitted great flexibility. If the credibility of the institution is included in the value proposition, then the organization should provide oversight and policy guidance to creators.
In my own case, I found that perceived value is almost entirely created by the issuer. There is very little in the inherent advantages of badges that appeals to employers. They are basically unfamiliar with the paradigm of digital mini-credentials (badges and backpacks). Any value they attach to them is mainly from the reputation of the issuer. "If Purdue issues these, they must be good..."
As my published friend like to remind me, there are no rough drafts. Everything in writing is a first article because it will never stop circulating. I have already had to revise badges while not being able to retract the old one. Once issued, they are chiseled in stone
So I think the issuer must provide guidance and assure quality. At least, tell the professors not to issue badges for just showing up. We have enough of that already.
Just in relation to the points above.
1. Can I ask how you interpret this given your stance on privacy? http://openbadges.org/legal_faq/#issuer-responsibility
Obviously the requirements will depend on the organisation involved, but let's assume we're dealing with large government educational institutions.
2 & 3, I totally agree with what you have here. Although the non formal may be acceptable for a Primary School, but not in a Tertiary level institution who's awards may be seen as an endorsement of a real competency rather than just an elephant stamp (to use a colleague's terminology)
As an Issuer, you grant us a non-exclusive, worldwide, royalty free license to use badges (including all the content and code in them) pushed to us by Earners from you in connection with the Mozilla Badge Backpack.
If you don't want to make the content of a badge publically available, then why use a badge in the first place? - the whole point of them is to be distributed and this allows for that to happen via the backpack process. Not to allow this would kill the backpack itself as users would not then be able to use the backpack mechanism to push their badges out to other sites.
Put very simply, Moodle provides the ability for 'Earners' to create a link enabling them to push their badges out to the backpack as they wish, it is not an automated process by Moodle, it is entirely in the hands of the user what they share with their backpack. Information is collected and stored within the internal Moodle database in the same way - and is subject to the same data protection regulations - as every other piece of information held on students in Moodle.
- Your badges will comply with our Content Guidelines.
- You will get Earner consent prior to sending a Badge to the Mozilla Badge Backpack.
Moodle doesn't automatically send them, the user has to upload the badge to their backpack - their action, their consent.
- You will not send us the information of any user under the age of 13. For more information, see the COPPA FAQ, below.
- None of your badges will contain content or other information that infringes the rights of any third party (including intellectual property, privacy or publicity rights);
The institution has a copyright office and runs internal training and courses about use of content
- Badges may only contain the user's email address, the issuer's name, the badge name and specific data about what the badge means such as the badge description and criteria URL, which is a URL pointing to a page hosted by the issuer that details all the criteria required for earning the badge. You will minimize any personal information inserted into a badge's description by limiting that information to the achievement or accomplishment of skills, attainment of certification or credentials. See the technical specifications about badges for more information.
Fine - guidelines on what goes into a badge, but not really sure why you would put anything else anyway
- If you are an educational institution, the criteria for earning badges may list required grades or minimum grades but the badge itself may not contain any information indicating the actual grade received by that Earner. For more information, see the FERPA FAQ below.
Again, fine - Badge content contains its criteria, no personal info about actual grade obtained
I can see some of these issues being significant if the system automatically pushed the badges externally, but that's not the case. Users have to set up their backpack, create the link between Moodle and their backpack and then push any badges they receive out to their backpack, so they have control all the way through the process.
Possibly someone with more legal experience can tell me that my viewing of this is overly simplistic and we need a 500 page policy and process before we even started piloting this - but I really don't see the major issue here. These privacy guidelines appear to be common sense to me!
Badges are intended to be public, otherwise why issue them? Students have the ability to control whether they push them to a publicly viewable location (their backpack and from there anywhere else), its not forced, they can choose not to (well in fact they have to actively choose to push them). And the data related to badges is subject to exactly the same data retention and data protection guidelines as every other piece of student information in the institution - its not like keeping student data electronically is a new issue that has to be dealt with from scratch.
Can you clarify what of those guildelines you are struggling with and maybe someone (as I said with more legal experience than me) can enlighten both of us?
Thanks for your response. I find it elaborates on the Moodle badge function even more than the docs, I think that your response should become part of the docs themselves.
Again, thanks for your response.
What security reasons do they give?
I use Moodle to push badges to backpacks all the time. These answers are based on what I know so far.
To view the credential, the outside user must have access to Moodle, though it is not necessary to log in. The badge contains a link that posts to Moodle, which replies with the credential information.
As digital credentials grow in use, all University IT Departments will have to face the issue of authenticating them to outside queries. To start with, the badge should not contain anything that cannot be confirmed to a public query, e.g., course grade, email, etc. Later versions of Moodle have removed the email from badges for that reason.
What use is it to issue digital credentials if the issuer refuses to authenticate them?
Hi Bill, you've helped me understand some of the issues a little better. I've explained further what I'm after in a series of questions in an earlier post. I'd like to hear what you have to say. Thanks.