Solution Overview

Implicit in any protocol definition is some assignment of functions to the various protocol participants. When those participants are administratively independent of one another, binding assignments of protocol function -- which might otherwise seem purely technical choices -- are politically significant. For the sake of transparency, this protocol specification explicitly reckons the political consequences of its implicit design choices.

Preparation and delivery of secondary school transcripts most affects the interests of individual students. After all, the process is entirely motivated by a student's need to certify his or her personal academic achievements as evidence of merit for employment, higher education, or other social advancement or reward. Accordingly, individual student needs properly dominate the design of a common system for transcript exchange. Because a secondary school transcript certifies a student's personal merit, students need transcript documents that are credible to recipients -- for which the origin and integrity of transcript content is assured. Because a school transcript records personal information about an individual student, student privacy is paramount: control of transcript distribution must be closely held by the individual student, and each student must be able to protect the confidentiality of his or her transcript in transit.

Communication of transcript content between originator, student, and ultimate recipient is most secure only if that communication is end-to-end. While the end-to-end argument is fundamental to the design of the Internet, it is also critical to the design of secure communication protocols (Section 6.2, page 6 of RFC 1958). In contrast, securely communicating student information to a centralized (and otherwise uninvolved) third party clearly degrades student privacy and increases cost. Claims to the contrary are at best logically absurd and at worst darkly motivated.

After students, transcript handling must address the interests of transcript recipients, which may include college admission officers, prospective employers, and scholarship foundations. Recipients must be able to evaluate the origin and integrity of received transcript documents easily and independently. Secondarily, recipients may benefit from mechanical extraction and summary of transcript content to support their own internal decision processes.

Finally, common transcript handling must address the needs of the transcript originator -- typically a secondary school guidance counselor or other school official. An originator's legitimate interests are reducing the cost of preparing transcript documents and meeting any legal or moral obligations to protect student privacy. Insofar as the very notion of electronic school transcripts implies their automated preparation by computers, dramatic cost reductions over traditional manual processes are also implicit. An originator's obligation to protect student privacy is most elegantly and inexpensively met by simply not conveying transcript information about a particular student to anyone other than that student.

A principal design goal of the EESST format is to provide a common mechanism for exchanging school transcripts while constraining local policy as little as possible. For example, while EESST provides a common format for representing a very wide range of possible transcript content, the choice of what information is included and what information is omitted is an entirely local matter. Similarly, using the OpenPGP standard for securing school transcript exchange admits the greatest flexibility regarding trust relationships among the participants.