Privacy-first data exchange
How Learning Tapestry built a secure, serverless student data exchange platform for a major cloud provider and then open-sourced it as SSDN. A pioneering approach to ed-tech data sharing built on consent, not surveillance.
The Problem: Broken Status Quo
Every ed-tech integration in 2018 was point-to-point. Vendor A would build a custom connector to district B with no standards, no consent layer, and no audit trail. Student data would flow through ad-hoc “pipes” that nobody could inspect.
A school district using Canvas for assignments, Blackboard for grades, and a dozen other platforms for supplementary learning had no way to connect those systems without bespoke engineering for each pair. Every new partnership meant reinventing authentication, authorization, and data formatting from scratch. Multiply that by thousands of districts and hundreds of vendors and you get an ecosystem held together by duct tape and good intentions.
Couple that with the fact that the data are among the most sensitive that exist (student learning records, behavioral events, and assessment results), and it becomes a privacy nightmare.
Student data was everywhere and nowhere at the same time. Every tool had a piece of the picture, but no one could see the whole child, and no one could tell you exactly where that data had gone.
A major cloud provider looked at this landscape and asked a question that nobody in ed-tech had asked at the infrastructure level: what if there were a platform for this? They envisioned a foundational system that any organization could deploy to securely exchange learning data using open standards with privacy built into the architecture itself.
They came to Learning Tapestry because the expertise they needed did not exist anywhere else. They wanted an organization with deep knowledge of education data standards (xAPI, Caliper, Ed-Fi), open-source ed-tech infrastructure, and cloud-native serverless architecture. LT had spent years building at exactly this crossroads.
The Solution: Doorknocking
The key invention was the “doorknocking” protocol. Before any data flows between two organizations, the sender knocks.
The requesting organization sends a formal connection request that specifies exactly what data they want to share, in what format, and for what purpose. The receiving organization reviews the request in their admin panel and explicitly accepts or declines. Only after mutual, documented consent are secure credentials established and data channels opened.
No data moves without permission. No access is granted by default. Every connection is scoped to specific data types and formats. Every exchange is logged, auditable, revocable. It is the digital equivalent of a locked door with a doorbell, and both parties have to agree before it opens.
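A minimal model of the consent flow described above, added here as an illustration; it is not SSDN's code, and the class, method and state names, as well as the sample data types, are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum

class State(Enum):
    PENDING = "pending"
    ACCEPTED = "accepted"
    DECLINED = "declined"
    REVOKED = "revoked"

@dataclass
class Knock:
    requester: str
    scope: frozenset          # (data_type, format) pairs named in the request
    purpose: str
    state: State = State.PENDING

class Node:
    """Receiving organization (hypothetical model): default deny, all events logged."""
    def __init__(self, name):
        self.name, self.knocks, self.audit = name, {}, []

    def _log(self, event, requester, detail=""):
        self.audit.append((event, requester, detail))

    def receive_knock(self, requester, scope, purpose):
        # A new request always starts PENDING, so it grants nothing by itself.
        self.knocks[requester] = Knock(requester, frozenset(scope), purpose)
        self._log("knock", requester, purpose)

    def decide(self, requester, accept):
        knock = self.knocks[requester]
        if knock.state is not State.PENDING:
            raise ValueError("only a pending request can be decided")
        knock.state = State.ACCEPTED if accept else State.DECLINED
        self._log("accepted" if accept else "declined", requester)

    def revoke(self, requester):
        self.knocks[requester].state = State.REVOKED
        self._log("revoked", requester)

    def ingest(self, requester, data_type, fmt):
        # Data is admitted only for an accepted connection and only inside
        # the scope that was requested and approved; refusals are logged too.
        knock = self.knocks.get(requester)
        ok = (knock is not None and knock.state is State.ACCEPTED
              and (data_type, fmt) in knock.scope)
        self._log("transfer" if ok else "rejected", requester, f"{data_type}/{fmt}")
        return ok
```

The point to check in any implementation of this pattern is that the transfer path consults both the connection state and the approved scope on every call, so a revocation or an out-of-scope payload is refused and still leaves an audit entry.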
In education data exchange, FERPA is not optional. It is the foundation. The doorknocking protocol’s consent-based architecture was designed with student privacy regulations as a first constraint, not an afterthought. It was privacy by architecture, not by policy.
Over nine months, the Learning Tapestry team designed and built a complete, serverless data exchange platform. Every component was AWS-native, deployed via a single CloudFormation template, and designed to scale to zero when idle, meaning organizations only paid for what they used.
CloudFormation-deployed, AWS-native infrastructure: API Gateway, Lambda, Kinesis, DynamoDB, S3, CloudFront, Cognito. A single template stands up a fully functioning, secure node in any AWS account. Scales to zero when idle.
xAPI collection handling 1,000+ learning events per second. Caliper 1.1 sensor and receiver for university analytics. Ed-Fi extensions for K-12 interoperability. S3 file transport for bulk data exchange.
Every data flow requires explicit agreement through the doorknocking protocol. No silent sharing. No default access. Full audit trail of every connection request, approval, data transfer, and revocation.
IAM-based authentication across AWS accounts without shared credentials. Each organization deploys their own instance. No centralized infrastructure. No single point of failure. No single point of trust.
The Impact
The code lives on as SSDN on GitHub. Apache-2.0 licensed. 366 commits across 7 releases. The doorknocking pattern, and its insistence that every data exchange begin with explicit consent, has influenced how Learning Tapestry thinks about every data project since.
When SSDN was demonstrated at CoSN in April 2019, it was a proof of concept for an idea that the industry had not yet internalized: privacy-first data sharing in education could be both standards-compliant and operationally simple; you do not have to choose between interoperability and consent.
University partners saw it immediately. Research institutions recognized SSDN as key infrastructure for aggregating data from multiple ed-tech sources without compromising student privacy. Learning management system providers explored it as a mechanism to solve their own data distribution challenges. Districts saw a path to cross-institutional data sharing that had been impossible when every connection required custom engineering.
The most important feature of any data exchange system is the ability to say no.
References
- ADL Initiative, “Experience API (xAPI),” adlnet.gov. Open standard for tracking learning experiences.
- 1EdTech (formerly IMS Global), “Caliper Analytics 1.1,” imsglobal.org. Learning analytics interoperability standard.
- Ed-Fi Alliance, “Ed-Fi Data Standard,” ed-fi.org. K-12 education data interoperability standard.
- Learning Tapestry, “SSDN — Secure Student Data Network,” GitHub. Apache 2.0 license.
- ITIF, “Steve Midgley,” itif.org. Former Deputy Director of Educational Technology, U.S. Department of Education.