I'm delighted to be able to report back that in the first week of full operation, over 1,000 people have used the alumni service!
This is great news, and I'd like to thank all those involved in the project for their hard work and perseverance - in particular Taz Siddeeque, Henry Chambers and Chris Peel from the Loughborough Students Union Executive and Richard Barber from our Development and Alumni Relations Office. From IT Services, Graeme Fowler, Nikki Doyle, Kathryn Latham, Chris Beggs and Lee Preston have provided invaluable assistance and support. Most of all, though, Tim and Dan from Google, for their work on the Google Apps multidomain support, and simpleSAMLphp developers Andreas Solberg and Olav Morken from UNINETT - we couldn't have done it without you!
Let's just recap on why this is a big deal - in previous years, leaving students would have had their University IT presence completely destroyed when their IT account lapsed. This is common practice in the education sector, and was a necessity due to the limited resources available to us. However, student feedback indicated that the IT deregistration came at perhaps the worst possible moment - and caused severe stress at a time when people were least prepared for it. From our own point of view in IT Services, summer and winter graduations would invariably be accompanied by a flood of requests for expired accounts' data to be restored and accounts reactivated for a period. By an unhappy coincidence these have also been our busiest times for development work. So, bad all round.
The situation has changed completely now, because we are in a position to convert an expired student Google Apps account into an alumni account without loss of data. It may sound like hard work, but the heavy lifting is done by Google. All we have to do is post an XML fragment like this via Google's Provisioning API:
This API call moves the user's Google Apps account from our student domain to our alumni domain, preserving the associated data - including email, calendar, contacts and documents.
The missing link in all of this is the simpleSAMLphp software developed under the auspices of the Feide federated identity management project in Norway and subsequently widely taken up as a lightweight implementation of the Security Assertion Markup Language (SAML). Google Apps uses SAML 2.0 for single sign-on, which for our students translates behind the scenes to LDAP authentication against our Active Directory.
For alumni users we have hacked simpleSAMLphp to query the Google accounts database if the LDAP authentication fails. I had initially thought that we might achieve this through Shibboleth, but then I looked at the Shibboleth source code! I'd contend that simpleSAMLphp is much more tractable/hackable, and indeed the simpleSAMLphp experience has been so encouraging that we are currently looking at what we need to do to make it play nicely with the UK Access Management Federation.
The initial feedback that we have been receiving on the alumni service has been extremely positive, and I think it's particularly telling that people seem to be starting to take the new service for granted already :-) I saw something similar a few years ago when I led the project to implement the campus wide wireless network at Loughborough, but this took a little longer (two to three months) to reach the same stage of acceptance and expectancy. For me the message here is that this is how things should always have worked!
[To find out more about the Google Apps for Alumni service at Loughborough, please see our Alumni FAQ]
Hi Martin,
ReplyDeleteGoogle apps for alumni sounds too good to be true. Are you able to provide a secure alumni directory via Google Apps? I can't imagine my alma mater (Calvin College) giving up their online directory.
Thank you,
Luke Robinson
I think you have to look at this from a slightly different point of view - what we're aiming for in the long run (don't have this in place yet, though) is for the community that you were a part of as a student to simply persist on your departure. So, no need to find your old friends again on LinkedIn, Facebook etc.
ReplyDeleteI think Google Groups corresponding to module options and courses are going to be an excellent way of doing this. The initial level of interest in the service suggests that we're on the right track, but it will be interesting to look back in the months to come...
What our guys do in terms of fundraising and advancement runs in parallel, of course. But we're not going to be using Google Apps as our CRM - we have Raiser's Edge for this.
After struggling with this very same issue for several weeks now, what a relief it is to hear that it 'can' be done! Would you be willing to share your code with a fellow educator?
ReplyDeleteDavid - I've just emailed you separately about this! Happy to share code, although I would note that we're mostly cheating and using the excellent Google Apps Manager: http://code.google.com/p/google-apps-manager/
ReplyDeleteCheers,
Martin
Martin,
ReplyDeleteCan you provide any additional information on this - how do you flag your graduating students in the current student domain?
fazilr AT Gmail dot Com
Fazil - after a student has finished at our institution we leave a grace period before nuking their IT account, files etc.
ReplyDeleteHistorically this was their entire online presence as a Loughborough student, but with the take-up of the Google tools this is now primarily about deleting their central University filestore.
I'd like us to be able to map users' Google Docs areas to a drive on the logged-in machine, which is how they presently interact with our central filestore. However, this isn't a Google product (yet), and some of the third party options come with a significant price tag for a user population the size of ours.
One other data point that I would add re Google for Alumni is that we have a guaranteed unique (never reassigned) student ID number, which we poke into the user profile on the Google side in order to disambiguate potential clashes over account names - this facility wasn't available when we started the project.
We use the gContact:externalId attribute in the user profile for this. The URL of the profile feed looks like http://www.google.com/m8/feeds/profiles/domain/$domain/full/$email, in case that's useful.
Cheers,
Martin