[I-mobile-u] Blackboard MobileEdu

[Andrew Yu]

Hi David,

Thanks for the introduction and apologies for the delayed response. David Ormsbee (Modo Lab's CTO) and I were in San Francisco last week attending WWDC and we did not get a chance to respond sooner.

Mike (Seibel), please see below for our thoughts (Modo Labs and MIT):

MIT and Modo Labs have not announced concrete direction for an authentication piece for the MIT Mobile Framework, but here is what we have so far and what we are thinking of in the future:

1. Certificates (Mobile Web): Due to the nature of the MIT's environment where X.509 personal certificates are widely used by both desktop and mobile device users, we had to initially focus on making this a priority. Some time around 2008, Apple finally provided support for X.509 along with providing "profile" capabilities that allowed us to distribute personal certificates over the air (see http://m.mit.edu from your iPhone and check out Certificates). The MIT Mobile Framework already has an implementation of this for the Mobile Web as of version 2.0. Modules that use certificate include TechCASH (MIT's debit card system) and Libraries (to fill out the user's credentials based on the authentication).
[Note: We will continue to support certificates as a way of authenticating users. We believe that this provides better usability -- the user does not have to put in user name and password -- and adequate security -- the certificate installation process accompanies passcode lock policy on the device.]

2. Certificates (iPhone Native App): Carrying the "requirement" for certificates into the iPhone native app last year (summer 2009), we ran into a stumbling block. The iPhone OS 3.x as well as iOS 4.x does not yet allow third-party apps to access private profiles on the device. This means that to use certificates as a viable authentication mechanism, we would have to force the user to install certificate "twice" (one for the mobile web and another for the native app) and it would have been difficult for the end-user and create a support burden. Additionally, installing certificates for a third-party app would not provide the option for integrating passcode policy. As of last week, when I spoke with Apple engineers about this, they acknowledge that this is not ideal, but they did not have immediate plans for fixing this.

3. Single Sign On (MIT "Touchstone"): As some of you may be aware, MIT also uses Touchstone which is an authentication approach using Shibboleth in conjunction with other component. Due to the user demand for improved "desktop web" experience on mobile devices, we started to roll out mobile versions of MIT Touchstone. As an example, if the user tries to access a desktop web site that uses Touchstone from an iPhone, the user will be presented with an iPhone version of the single sign-on user interface. 

[Note: I need to head out soon, so I will continue this tomorrow, but I wanted to list out a few more items that all point to the following conclusion:]

MIT Mobile Framework is an open source framework that will allow various implementations of authentication both for the mobile web as well as native apps. Modo Labs (with support of MIT) intends to continue to grow the community via iMobileU. We would also like to bring in non-higher education organizations, e.g. financial services companies, major news/media companies, retail companies that will not only benefit from the MIT Mobile Framework but also can contribute their improvements to the framework. We acknowledge that this is not an easy task, but we firmly believe in the fact that a) the mobile space will remain fragmented (iPhone, BlackBerry, Android, and others will be used by students, consumers, and professionals); b) no single company or organization can keep up with the rapidly changing mobile platforms (yes, the change in the platforms will be forthcoming faster than anyone can possibly keep up on their own); c) the power of collaboration and open framework will truly allow all participants to benefit from such work.

More thoughts tomorrow...

Andrew Yu
Modo Labs, Inc.

On Jun 11, 2010, at 10:20 AM, David R. Morton wrote:

> Mike,
> 
> I don't have any documentation, but can make the proper introductions to the Blackboard folks. Blackboard Mobile, meet Mike. Mike is leading a quick project for us on Mobile Authentication. Can you please respond with the appropriate contact information so he can setup a call to discuss. He is on a tight time frame as we are driving to have a draft strategy document in the next couple of weeks.
> 
> At MIT, you can contact Andrew at Modolabs for some history (he and I have had many conversations over the last year or so), but  Michael Gettes is the right guy to ping at MIT proper. Michael, are you the best contact at MIT?
> 
> I've cced most of those folks there.
> 
> Everyone, thanks for the assist and let me know what I can do to help move the conversation forward.
> 
> David
> 
> 
> 
> David Morton	
> Director, Mobile Communication Strategies
> University of Washington
> dmorton at u.washington.edu
> tel 206.221.7814
> 
> 
> ----------------------------------------------
> www.freshlymobile.com
>                  a fresh look at mobility
> ----------------------------------------------
> 
> On Jun 9, 2010, at 3:16 PM, Michael Seibel wrote:
> 
>> Hi David,
>> 
>> I'm going to make you reget your offer of assistance the other day!
>> 
>> Is there anything (people, notes, docs, sites, etc) that you could point 
>> me to as far as Blackboard's auth solution's for Duke and Stanford that 
>> were mentioned last week?
>> 
>> I'm thinking the bi-weekly conference call is a bit too far out to get the 
>> scoop from the MIT folks (now at modolabs?) on their plan for MIT mobile 
>> app auth.  I found an interview from April with Andrew Yu where he 
>> mentions auth is missing missing in the mobile app, but I'd like to get 
>> their thoughts on direction before next week.  I also found the framework 
>> source on github, but haven't poked around for clues on their direction.
>> 
>> Lastly, for some background on the UMich SSO app, would Andrew Mortensen 
>> be the best contact, or would you suggest someone else?
>> 
>> Feel free to toss anything else my way that you think might be at all 
>> helpful in getting the lay of the land!
>> 
>> -mikes
>