Blackboard's new relationship with Acxiom has me thinking about whether it would be possible to bolt Acxiom's student verification technology into a Sun Identity Manager implementation to replace the 'security' question functionality (which I, personally, hate). So, in essence, if you forget your password for a UNL system you would be presented with 3 questions about your past, based on public records data (like many banks or credit institutions do) instead of a question about who you said your favorite elementary school teacher was.
Security questions are a pain for a lot of reasons. First, the identity provider has to come up with good questions that wouldn't be easy for someone else to answer just by visiting the person's Facebook profile or getting to know them a little. Then they have to get the person to actually set answers for those questions. The person, on the other hand, has to try to remember what they answered for this obscure question at the time they answered it, or even if they just answered "stupid" for every question because they were really annoyed with the whole process.
Acxiom has established an API that they are using for their Blackboard relationship, but from conversations I've had with the vendor it sounds like it's all new enough (and they're new enough to this market) to where they've never looked at integrating to something like a Sun IdM instance before. We also just have to hope that Acxiom has learned a lot of valuable lessons from their past security problems and would take better care of institutional data.
No comments:
Post a Comment