Sovereign-Source Identity, Autonomy, and Learning


Our goal at BYU is to teach students to be life-long learners. We believe that giving students autonomy and control is the surest way to achieve that goal.


One of the stated aims of a BYU education is lifelong learning.

... a BYU diploma is a beginning, not an end, pointing the way to a habit of constant learning. In an era of rapid changes in technology and information, the knowledge and skills learned this year may require renewal the next. Therefore, a BYU degree should educate students in how to learn, teach them that there is much still to learn, and implant in them a love of learning "by study and also by faith" (D&C 88:118).

I don't think BYU is unique in this desire. A university education is designed to imbue graduates with expertise in a specific area of study. But that's never meant that they know all they'll ever need to know. A university education is more than just putting students through a few courses and then testing that they've absorbed the right facts. Students should become members of the intellectual discipline they study, able to carry on learning long after the leave the university.

Helping students become learners is harder than just teaching them. Active learners are responsible for their education. They are autonomous agents who not only participate in learning activities, but select things to learn, track their progress, and regulate and prioritize activities.

Sovereign-Source Identity

One of the cornerstones of BYU's plan to help students learn to learn is making them responsible for vital components of their online identity--a concept called sovereign-source identity.

Most students come to the university with multiple digital identities including email and social media. The University adds to this by giving them another (or three). These identities put the student in the administrative domains of the issuing party and are given for the issuing parties' purposes and on their terms.

A sovereign-source identity, in contrast, is one created and maintained by a person for their own purposes. On today's Internet, these usually take the form of a domain name1. By registering and using a domain name, a person can create an online identity that they control regardless of the administrative whims and business plans of someone else.

In support of this, we're using Domain of One's Own (DoOO) to offer a domain name and associated hosting to every BYU student along with faculty and staff. We have about 1500 people signed up to date, and it continues to grow.

Data Ownership and Personal APIs

Personal autonomy depends on a person's control of their data and applications. To see why consider the following picture:

traditional LMS

Traditionally we think of a student completing learning activities with an LMS. All the data about the student's activities gets stored in the LMS. And student data remains with the institution, if it's kept at all, when the student leaves.

Now consider this picture with all the same components, but rearranged:

personal API and the LMS

In this model, the student completes learning activities and stores the results in a data store they control. The student submits them to the LMS via a personal API. The LMS pushes data like grades, comments, due dates, and so on back via the student's personal API.

Not shown in this picture is that this model supports the student using multiple LMS's owned and managed by different organizations both during and beyond their matriculation. The student could use an LMS at school, one at work, switch to a different LMS when they transfer schools, and so on. The student is the center of their learning. The student is in control.

Hosting is an important component of the DoOO program—not just because a domain is more interesting when it points to something—but because it provides a place to host personal data and an accompanying API. Because it's hosted, it's not inside some company's administrative domain and subject to their terms and conditions. Instead, it's in a space that is under control of the domain owner. Hosting implies that the data and associated services can be moved independent of the underlying hosting provider.

Limits to Control

Recently, Marguerite McNeal wrote BYU’s Bold Plan to Give Students Control of Their Data in edSurge. Judging from the comments about an article Jim Groom wrote that reference's Marguerite's article, Domains as Ground Zero for the Struggle over Agency, there's a lot of misunderstanding about what it means to give students control of their identity and personal data. Here's a couple: never make a compelling case for giving students control over their data. I don’t even know what that means. Does that mean they can change their grades? I sure as hell hope not! Does that mean they have to grant each instructor permission to add a grade to their record? That would be annoying for the student and the instructor.
To assume (in this case) students have sovereignty over claims regarding their educational experience is ill-founded. Students aren’t the “supreme” owner of their grades. Universities are trusted to determine how grades, GPA’s, semesters, credit hours etc. are calculated.
I would like to echo the two previous comments and add that this is bordering on ridiculous. We do not and should not own every piece of information about ourselves.

One of the mistakes people make when discussing control of personal data is to assume that any data about someone is should automatically be included in the data they control. We should just as soon believe a person should control every photograph in which they appear. That is ridiculous. Thankfully, no one is suggesting that.

Grades, for example, might be about a student, but they're not the student's data. Consequently, the definitive copy would always be under the control fo the institution that awarded them. Lots of institutions will have data about people. People will continue to be part of the administrative regimes of those institutions.

While the grade and the transcript belong to the institution, the student might want a copy in their personal data store. Even a certified copy. This isn't hard to do technically and could be accomplished in several ways. The harder part of this is establishing the standard so that an employer, for example, could validate a credential at multiple schools without integrating with each of them.


Helping students create an online identity, independent of the various administrative spheres to which they belong, and giving them control of their data in meaningful ways leads to students being responsible for their learning and lets them act autonomously.

The Domain of One's Own program aims to improve student literacy about what it means to be a sovereign, online citizen, independent of the administrative regimes with which she interacts. Personal APIs build on that by giving students the means to control their data and act on that independence. We believe that these are foundational to enabling life-long learning.

  1. There are problems with a domain name as the basis for an online identity since they are rented rather than owned. Projects like WebDHT and XDI are aimed at creating single-use identifiers people can claim forever.

Please leave comments using the sidebar.

Last modified: Wed Oct 7 15:14:00 2020.