There is a harder and more global competition for recruiting good students and teachers. This leads universities to get concerned about gaining visibility regarding society for the results they obtain in terms of research and education, as well as trying to extend the relation with graduates during their professional careers. Wider visibility in society is aimed by populating institutional channels within popular digital resource repositories (, YouTube, Flickr, Scribd, SlideShare) with digital contents created and consumed by learners, teachers and researchers.

iRepositories are learning resources managed by the institution but hosted in external services and available in public channels. iRepositories try to manage resources with institutional accounts in the most suitable repository services: for bookmarks, YouTube for videos, Flickr for images, SlideShare for presentations and Scribd for documents. This approach takes advantage of the added value these repositories give us for our resources (searching, embedding in other sites, community creation), as well as the myriad of services that spring around these successful web services. Moreover, this means there would be an increasing amount of learning resources ‘living’ in popular repositories and the institution would make public many materials through these digital channels that aggregate all the community contributions.

This is the presentation I used in CcITA’09 (Ibero-American Joint Conference on Learning Technologies):

Single Sing-On at institutions

At institutions, if no centralized solution is provided, authentication is normally addressed using multiple logins and passwords for each service. This implies that the user needs to introduce different credentials in each application. At the first level, a solution based on a directory server unifies multiple username and passwords into a single one. However, there is still the problem of login to each application separately, which is something not affordable in a context where the number and variety of web services for learning is constantly increasing.

Within the administrative domain of an institution, Single Sign-On (SSO) resolves this problem providing an authentication session that is centrally managed, allowing the user to navigate through different web applications using the same session. With the Bologna Process more students and lecturers will be on mobility programs within European higher education institutions. SSO systems are not well suited for this purpose as they are restricted to the administrative domain of each institution. Therefore, SSO systems should be federated so that local services can delegate the authentication of mobile users to their home administrative domains, and these administrative domains can accept authentication requests beyond their boundaries. In this model, the home administrative domain plays the role of an Identity Provider (IdP) while the local service is a Service Provider (SP).

Single Sign-On at Web 2.0

At Web 2.0, OpenID stands out as the most popular and supported initiative for federated identification. Opposed to institutional SSO, OpenID is a decentralized standard for authentication, meaning that the digital identity that does not rely on a unique central authentication authority. In this sense, as OpenID identifiers are provided in the form of unique URLs, any website has the potential to become an OpenID provider.

One username and password to rule them all

Given that the educational community wants to introduce web 2.0 services into the institutional environment, it might be necessary for the institution to become an OpenID provider and to offer institution’s members an iOpenID (institutional OpenID) identifier that can be used to gain access to multiple web services. This iOpenID is be linked to institutional SOO system, so the user will take advantage of using the same username and password for both institutional and external services. simpleSAMLphp, developed by UNINETT (Norwegian Research and Education Network), is an open source and lightweight implementation of Web SSO and several federation protocols. It is a good tool for quick implementation of identity-enabled proof of concept prototypes based on PHP platforms. simpleSAMLphp IdP software plugs into our LDAP-based institutional user information service. By adding a simpleSAMLphp SP software to web services like Moodle or Drupal, users can login to them with their institutional username and passwords, and navigate through them using the same session.

Together with IdP and SP software, simpleSAMLphp also releases an OpenID provider, so an integral solution can be built with it. However, in Spain there is no need for an institution to host its own OpenID provider. RedIRIS, the Spanish Research and Education Network, offers Spanish universities a powerful OpenID provider service called SIR. By installing an IdP software at the university and adding it to SIR service, all users are provided with the same OpenID identifier, which is the same for all universities: At the end of the authentication process, this identifier is transformed into a long identifier ( that contains the information that uniquely identifies the user and the university.

Last, it very important to consider that in a mashup-based architecture, where some services communicate with others via APIs, it is necessary to have mechanisms that allow a service to ask for access permission to another service and exchange user credentials in a secure way. OAuth is the protocol designed for this task. It must be clear that OAuth does not substitute the federation protocols mentioned before. Instead, it complements them by offering a secure channel through which APIs can make use of federation.

Last week I attended the LOGOS Final Conference on New Technology Platforms for Learning in Budapest, Hungary.


My contribution to the workshop have ranged from one-page abstract: Learn-Streaming Support for Personal Learning Networks.

Within all learning environments, we think that the model based on a Personal Learning Network (PLN) is the one that best accomplishes life-long learning and ESHE’s (European Space for Higher Education) goals. In a PLN, every learner uses a Personal Learning Environment (PLE) that assists him searching, retrieving, reusing, editing, sharing and publishing Digital Learning Resources (DLR) such as posts, images, videos and learning objects. A PLE is designed as a mash-up of personalized services, both institutional and external, that reflects individual learning preferences and collaborative work, and tracks the learn-streaming of the student.

Learn-streaming simply means publishing and sharing daily learning activities that constitute life-long learning. It allows students to keep track of what they have done on-line. Institutions can benefit from it as learn-streaming allows to look up the individual activity of the students for curriculum purposes. The aggregation of the learn-streaming of every student allows the teacher to get a detailed picture of the progress achieved by him or her in a particular course or subject. The solution explored in this paper suggests a Network of Blogs for supporting learn-streaming storage.

This is the presentation I used in the workshop:

Dr. Richard Felder’s web page contains articles, columns, and student handouts on learning and teaching styles, active and cooperative learning, and other topics related to effective college teaching. Absolutely recomendable!

Thanks Abelardo!

Shindig is a new project in the Apache Software Foundation incubator and is an open source implementation of the OpenSocial specification and gadgets specification.

The architectural components of Shindig can be broken down as follows:

  • Gadget Container JavaScript — core JavaScript foundation for general gadget functionality. This JavaScript manages security, communication, UI layout, and feature extensions, such as the OpenSocial API.
  • Gadget Server — used to render the gadget XML into JavaScript and HTML for the container to expose via the container JavaScript.
  • OpenSocial Container JavaScript — JavaScript environment that sits on top of the Gadget Container JavaScript and provides OpenSocial specific functionality (profiles, friends, activities, datastore).
  • OpenSocial Data Server — an implementation of the server interface to container-specific information, including the OpenSocial REST APIs, with clear extension points so others can connect it to their own backends.

More information here.

Last week I attended the Workshop on Mash-Up Personal Learning Environments (MUPPLE’08) in Maastrich, The Netherlands.

My contribution to the workshop have ranged from one short paper: iGoogle and gadgets as a platform for integrating institutional and external services.

Abstract: This paper presents a framework for the integration of institutional and external services in order to give support, in a personal way, to the daily activity of each faculty member. The proposed framework is based on corporative Personal Learning Environments (corporative PLE) as the services are assembled, configured and managed within the institution. The set-up of the prototype for the development of the corporative PLE uses iGoogle and gadgets over Google Apps infrastructure. If this framework works smoothly enough, on a second phase we would like to take advantage of it as a test-bed for the research, implementation and testing of social services for educational purposes, since corporative PLE seem to be particulary effective for the creation of a network of PLE, a learning nervous system where each PLE is a neuron and which will generate some type of collective intelligence.

This is the presentation I used in the workshop:


Get every new post delivered to your Inbox.