[DEPR]: Software Secure IDV Integration

[MichaelRoytman]

Proposal Date

2024-07-17

Target Ticket Acceptance Date

2024-07-31

Earliest Open edX Named Release Without This Functionality

Sumac - 2024-10

Rationale

The verify_student Django app in the edx-platform implements various forms of identity verification (IDV) that are used across the platform. One implementation of IDV is an integration with Software Secure, an IDV vendor. To our knowledge, edx.org is the primary user of this integration. Until recently, we were aware of only two Open edX users of this integration - EDUlib and Open Craft - and we have since learned that they no longer use it. 2U is replacing Software Secure as its photo IDV vendor. For this reason, the Software Secure integration will be unused and has no purpose in the core. It is dead code and contributes to the unnecessary complexity of this application.

Removal

The implementation of the Software Secure integration has its tentacles in a few areas of the platform. This may not be an exhaustive list, but it should be comprehensive.

• the SoftwareSecurePhotoVerification model, the PhotoVerification model, and the SSPVerificationRetryConfig model
• references to the SoftwareSecurePhotoVerification model in the IDVerificationService
• the SoftwareSecurePhotoVerificationAdmin and the SSPVerificationRetryAdmin
• the SoftwareSecurePhotoVerification as the sender in the send_idv_update signal
• tasks
• management commands
  • retry_failed_photo_verifications
  • trigger_softwaresecurephotoverifications_post_save_signal
  • approve_idv_verifications
  • send_verification_expiry_email
• views
  • SubmitPhotosView
  • ReverifyView
  • PhotoUrlsView
  • DecryptFaceImageView
  • DecryptPhotoIDImageView
  • results_callback
  • removal of the legacy IDV flow from PayAndVerifyView
• legacy IDV flow
  • JavaScript
  • UI and email templates

Replacement

We do not propose replacing the Software Secure IDV integration because it is not appropriate to add integrations with specific IDV vendors into the core.

2U is in the process of proposing adding extensibility mechanisms to the verify_student application to enable the seamless integration of additional IDV vendors into Open edX installations without polluting the core. This is not a replacement per se, but it will provide the capability for Open edX operators to integrate with IDV vendors of their choosing. Please see openedx/platform-roadmap#367 for more details.

Deprecation

We do not believe marking code for deprecation is necessary given the low usage of Software Secure IDV.

Migration

This is TBD, pending the outcome of openedx/platform-roadmap#367. Assuming that that proposal is approved, migration will be necessary to do the following.

• We must copy all records in the SoftwareSecurePhotoVerification model to the new VerificationAttempt model.
• We must update the state of the VerificationStatus model based on the above migration.
• The indirect reference to the SoftwareSecurePhotoVerification model in the VerifiedName model must be updated.

In order to update the VerifiedName model, the following may be a reasonable approach for migration.

• We will add a new column verification_attempt to the VerifiedName model, which will be a ForeignKeyField to VerificationAttempt. In the beginning, a given VerifiedName will have a value for either verification_attempt_id (via SoftwareSecurePhotoVerification) or verification_attempt (via VerificationAttempt).
• As part of the process of copying all records in the SoftwareSecurePhotoVerification model to the new VerificationAttempt model, we will also set the verification_attempt field to the proper reference associated with the new VerificationAttempt instance. If a VerifiedName has values for both fields, verification_attempt will take priority.
• References to the VerifiedName.verification_attempt_id column will be removed.
• The SoftwareSecurePhotoVerification model will be dropped. The VerifiedName.verification_attempt_id column will be dropped.

Additional Info

• [Proposal] Add Extensibility Mechanisms to IDV to Enable Integration of New IDV Vendor Persona
• [Input Needed] IDV Usage and Requirements

Task List

TBD