EMREX Best Practices for newcomers
This page contains best practices, default values, issues to be solved, before a new HEI or country can take the NCP or SMP into use. Only comments and notes, the details are in the corresponding sections
Authentication system
The EMREX network is based on trusting the other partners. Each country and HEI of course uses their own authentication methods, but generally speaking the following seems to hold true
- a federation of trust based on unique username+password can be used also in the EMREX network
- there need to be one point of strong identification, e.g. the student should be required to personally be present with a valid identity to get his username
Matching of names
The matching of names is proposed to be done with a Levenshtein method. Default threshold value is 10%, but each implementer need to adjust this according to national needs
Due to limited added information and risk for allegations of discrimination, some partners have decided not to use the sex of the student as a parameter.
Logging
Logging is divided into two parts. An anonymous statistical log that can be shared with the whole EMREX network. And a national log that fulfills the national requirements for logging.This part is not shared between the countries and will be different between different implementations. Questions to be answered.
- what data must/must not be logged about the transactions? (person, date, content)
- how long shall the logs be kept? (minimun or maximum rules?)
- who can access the logs and how is that restricted?
Legal aspects
EMREX assumes that any student has the right to ask for his own achievement records. However, different legal rules can affect the strictness of the implementation, e.g.
- is the achievement record public or private information? Might affect how strong the authentication process is
- if the matching of names fails, what is allowed to do? Can the data still be transmitted to the HEI with a flag?