How BYU Will Use APIs to Give Students Control of Their Data

As we turn more and more to the Cloud, Big Data, and the Internet of Things to help run our lives, we’re seeing a rise in Cybercrime; colleges and universities are no exception. In February of this year, over 63,000 students at the University of Central Florida had their sensitive personal data exposed including social security numbers, names, and addresses. On average, a university database is hacked every two months raising concerns about how universities are handling their student’s data. 

In the midst of this “Cyberchaos”, Brigham Young University (BYU) is taking a unique approach. They have partnered with Jim Groom, director of technology at University of Mary Washington (UMW), to designed a working API for their students. The purpose is to give their students the ability to manage their online identity. This means that they can decide when, how, and with whom they share their personal data.  

In respect to student’s personal data, BYU is not the first to suggest that students should be in the drivers seat. 30 US universities have already implemented similar policies.  In 2013, for instance, UMW gave students the ability to create their own domain name in association with UMW’s web server. They called the project, Domain of One’s Own, and geared the functionality towards scholastic endeavors. Teachers and students alike could share or publish coursework, design and manage their own web space, build portfolios, or work on personal projects. The success of Domain of One’s Own compelled many colleges to follow suit and create similar programs.  

    BYU, however, is upping the ante with their API; they believe sovereign-source identity is the way of the future. Sovereign-source identity is another way of saying that one’s identity is autonomously derived.  In respect to BYU’s new API, this means that project director Phil Windley wants students to actively define themselves online. Up until this point, most students gave their personal information to their university. After this, they had no control over who saw it or what happened to it. “We want to teach students that this isn’t the only way identity happens online. They can create their own,” says Windley. BYU’s API is meant to serve as the middleman between student and university, allowing the university to access a student’s data only under the consent of the student. 

Windley hopes that, in addition to solving data security issues, this new API will also aid in furthering education and “help[ing] students understand their personal identities”. From their personal domain, students will be able to share data with a variety of applications and programs including social media and class sites. They will also have the ability to publish and share coursework and decide how much of their data can be seen publicly. All of which, of course, gives students more control over both their work, their portfolios, and any related data. 

Testing for their API will begin this spring, and BYU encourages students to take advantage of this opportunity to experiment with sovereign-Source Identity and how it can redefine their online presence. 

Be sure to read the next Security article: 4 Application Security Vulnerabilities You Should Be Aware Of

Original Article

BYU’s Bold Plan to Give Students Control of Their Data