[Proposal] Add Extensibility Mechanisms to IDV to Enable Integration of New IDV Vendor Persona

Owned by
Michael Roytman
Last updated: Jun 25, 2024
2 min read

Overview

The goal of this project is to replace the current vendor for identity verification (IDV) on edx.org, Software Secure, with a new vendor, Persona. On edx.org, IDV is used solely for verifying name changes via the Name Affirmation feature in the frontend-app-account MFE, but IDV may be used for other purposes in the community (e.g. to block generation of a verified certificate).

Problem

The backend implementation of IDV is in the edx-platform verify_student application, and the frontend implementation of IDV and the Name Affirmation feature that uses it is in the frontend-app-learning MFE. Both repositories are in the openedx GitHub organization.

We would like to design an integration approach that balances the needs of 2U and the community. We would like to leverage the various extensibility mechanisms that the platform supports, but we need guidance around how “pluggable” the solution must be and what IDV-related community needs must be met, particularly since 2U uses IDV for a smaller set of features than the platform currently supports.

There are also parts of the verify_student application that have an unclear purpose and may have limited need in the community save for an operator or two. For example, the ReverifyView does not appear to be used anywhere The PayAndVerifyView also appears to have limited use. We do not have the bandwidth to do the deprecation at this time, but it would be helpful to know which parts of the codebase are core and which are unused legacy code.

Use Cases

Note that these are 2U use cases.

  • As a learner who has earned a certificate, I need to be able to verify my identity after requesting a name change, because this validates that I am who I say I am. This maintains the value of a certificate and ensures that the certificate is attributable to me.

  • As a Open edX installation operator, I need to be able to integrate new IDV vendors into the platform with no disruption to other installations.

Discovery

  • In a pluggable solution, what IDV features or integrations into the platform must be supported?

  • Are there any IDV features or integrations that can be ignored or not considered or that are planned to deprecation that we should be aware of?

  • How does the community use IDV? I asked in a Discuss thread but did not receive very much feedback.

  • What is the longterm role of IDV in the edx-platform?

  • Is it acceptable to build out extensibility mechanisms that are sufficient enough only to enable an integration with Persona and that may not support Software Secure or other IDV vendors?

    • For example, in the certificates generation logic, we may need to add a filter to “collect IDV attempts” so that we can add in our Persona records. 2U does not gate certificate generation on IDV, but some operators may choose to leverage that code path via the ENABLE_CERTIFICATES_IDV_REQUIREMENT Django setting. This means we may not need to add a filter to enable that certificates behavior.

  • Is there guidance for where it is acceptable to use a PluginSlot on the frontend? What requirements exist? Can it be inserted anywhere?