Sunday, 11 May 2008

Identity, Authentication and Data - Same or different?

Another technology I've been looking at is Microsoft Identity Lifecycle Manager as a possible solution to managing identities for people across education. This seems to me to do much the same as SIF, but less. If SIF can synchronise data, and some of that data can be data from a school MIS system like SIMS and an account in Active Directory (or any directory), then why would we need ILM? Anyone like to enlighten me? All we need is agreement on a SIF data model for an identity zone and for any identity system to write SIF agents. I guess there may be issues about passwords? And how does this all connect with Shibboleth and something like the UK Access Management Federation? If we use Shibboleth to get Single Sign On authentication across several services, then why would we need to synchronise identities? Surely attributes could be synchronised using Shibboleth transactions. Or would Shibboleth trigger a SIF transaction? It's a confusing field alright.

Which SIF?

Recently got to know a little more about Capita's Partnership Xchange. OK, so it uses the Schools Interoperability Framework transport and Capita's own SIF-based data model to allow SIMS systems in different schools to pass core pupil, timetable, attendance and assessment data between them.

My understanding is that the key to it working is the method by which schools determine which data from SIMS is sent out. This is done by designating particular timetable items as the SIF shared data: only data associated with pupils in those timetabled sessions is shared. Those pupils' core data appears as read-only to non-home school SIMS systems. Schools hosting pupils from other schools can, however, write back attendance and assessment data. This depends on them having Lesson Monitor and Assessment Manager, and on having mark sheets and timetabled sessions that are agreed across the consortium.
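To make that sharing rule concrete, here is an added example (my own, not Capita's code and not the SIMS data model) of the two checks described above: a home school exports only the core data of pupils sitting in a timetable session it has flagged as shared and that the requesting school hosts, and it accepts write-back only for attendance and assessment, only on those pupils. The school names, UPNs, record fields, mark codes and session list are constructed for the example.

```python
"""Added example (not Capita's code): a data-minimising share filter modelled
on the Partnership Xchange behaviour described above. School names, pupil
records and field names are constructed for illustration."""
from dataclasses import dataclass, field

# Core pupil data: a hosting school may read it, only the home school may change it
CORE_FIELDS = {"upn", "name", "dob"}
# Data a hosting school is allowed to write back for pupils it actually teaches
WRITE_BACK_FIELDS = {"attendance", "assessment"}


@dataclass
class Pupil:
    upn: str
    record: dict = field(default_factory=dict)


@dataclass
class Session:
    period: str
    host: str             # school where the session is taught
    pupil_upns: set
    shared: bool = False  # flagged by the home school as consortium-shared


@dataclass
class HomeMIS:
    school: str
    pupils: dict      # upn -> Pupil
    sessions: list    # this school's own timetable

    def export_for(self, partner):
        """What the partner's MIS receives: core fields only, and only for pupils
        sitting in a shared session that the partner hosts. Anything else in the
        record (here a constructed 'sen_notes' field) never leaves the home MIS."""
        view = {}
        for s in self.sessions:
            if not (s.shared and s.host == partner):
                continue
            for upn in s.pupil_upns:
                rec = self.pupils[upn].record
                view[upn] = {k: v for k, v in rec.items() if k in CORE_FIELDS}
        return view

    def write_back(self, partner, upn, field_name, value):
        """Accept attendance/assessment from a host for a pupil it hosts; refuse
        everything else, including attempts to change read-only core data."""
        if field_name not in WRITE_BACK_FIELDS:
            return False, "core data is read-only outside the home school"
        if upn not in self.export_for(partner):
            return False, "pupil is not in a shared session hosted by this school"
        self.pupils[upn].record.setdefault(field_name, []).append((partner, value))
        return True, "accepted"


def build_oak_high():
    """Constructed sample: Oak High sends two pupils to Elm College for Psychology."""
    pupils = {
        "A1": Pupil("A1", {"upn": "A1", "name": "Pupil A", "dob": "1992-03-04",
                           "sen_notes": "confidential"}),
        "B2": Pupil("B2", {"upn": "B2", "name": "Pupil B", "dob": "1992-07-19"}),
        "C3": Pupil("C3", {"upn": "C3", "name": "Pupil C", "dob": "1992-11-30"}),
    }
    sessions = [
        Session("Mon P1 Maths", "Oak High", {"A1", "B2", "C3"}),
        Session("Tue P3 Psychology", "Elm College", {"A1", "B2"}, shared=True),
        Session("Wed P2 Chemistry", "Elm College", {"C3"}),  # not agreed yet, so not shared
    ]
    return HomeMIS("Oak High", pupils, sessions)


if __name__ == "__main__":
    oak = build_oak_high()
    print(oak.export_for("Elm College"))
    print(oak.write_back("Elm College", "A1", "attendance", ("2008-05-06", "P3", "/")))
    print(oak.write_back("Elm College", "A1", "name", "Renamed"))
    print(oak.write_back("Elm College", "C3", "attendance", ("2008-05-07", "P2", "/")))
```

The point of routing the write-back check through the same export filter is that the "who may write" decision and the "what is visible" decision cannot drift apart: a host school can only annotate pupils it was sent in the first place.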

I think I now understand much better a major issue with SIF. Regardless of how simple the agreed data model is, the management information systems in the Zone have to:
  • Have interfaces to the agreed data model that validate data to the same standard as the most rigorous database receiving it, otherwise a record a lax sender is happy with gets rejected, or silently mangled, by a strict receiver.
  • Have a method of selecting only the data you want to share, rather than everything the system holds.
  • Ensure data table structures take account of historical data storage, date stamping of data and so on, so that data is not lost when a newer record overwrites an older one.
  • Have logic to sort out what to do when data just doesn't match, for example timetabled sessions. Just how do you squeeze 5-session attendance data into a 6-session attendance system? Nightmare. Data will have to be lost.
Perhaps some of this is simply because we don't have agreed MIS standards. If, for example, all school and college MIS systems had to store attendance against clock time rather than against period numbers, then sessions could all be matched up. Of course they don't. Getting agreement on architecture will take decades.
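An added example, not from the page or from any MIS vendor, of the period mismatch in the last bullet and of the clock-time approach suggested above. The two day structures (a five-period and a six-period day) and the attendance marks are constructed, and the mark codes ('/' present, 'N' absent, 'L' late) are assumptions. Keying the transfer on period number shifts the afternoon marks into the wrong slots and leaves the sixth period empty; keying each mark to the clock interval it was taken for lets each receiving session pick up the mark that covers most of it, and leave a slot unknown rather than invent a mark when nothing covers it.

```python
"""Added example: period-number versus clock-time matching of attendance marks
between two MIS systems with different day structures. Timetables and marks
are constructed; they are not from any real school."""
from datetime import time

# Constructed day structures for two consortium schools.
FIVE_PERIOD_DAY = [(time(9, 0), time(10, 0)), (time(10, 0), time(11, 0)),
                   (time(11, 20), time(12, 20)), (time(13, 20), time(14, 20)),
                   (time(14, 20), time(15, 20))]
SIX_PERIOD_DAY = [(time(9, 0), time(9, 50)), (time(9, 50), time(10, 40)),
                  (time(11, 0), time(11, 50)), (time(11, 50), time(12, 40)),
                  (time(13, 30), time(14, 20)), (time(14, 20), time(15, 10))]

# Constructed marks for one pupil on one day at the five-period school.
# Assumed codes: '/' present, 'N' absent, 'L' late.
FIVE_PERIOD_MARKS = ["/", "N", "/", "/", "L"]


def minutes(t):
    return t.hour * 60 + t.minute


def overlap(a, b):
    """Minutes shared by two (start, end) intervals, 0 if they do not meet."""
    start = max(minutes(a[0]), minutes(b[0]))
    end = min(minutes(a[1]), minutes(b[1]))
    return max(0, end - start)


def map_by_period(marks, target_periods):
    """Naive transfer keyed on period number: periods beyond the sender's count
    are empty, surplus sender periods are dropped, and no slot is checked
    against the time it actually covers."""
    return [marks[i] if i < len(marks) else None for i in range(target_periods)]


def to_time_marks(marks, day):
    """Store each mark against the clock interval it was taken for."""
    return [(start, end, mark) for (start, end), mark in zip(day, marks)]


def map_by_time(time_marks, target_day, min_cover=0.5):
    """For each receiving slot take the mark whose interval covers most of it.
    If the best source covers less than min_cover of the slot, record None
    (unknown) instead of guessing; a straddled slot keeps the majority mark."""
    out = []
    for slot in target_day:
        best, cover = None, 0
        for start, end, mark in time_marks:
            o = overlap((start, end), slot)
            if o > cover:
                best, cover = mark, o
        length = minutes(slot[1]) - minutes(slot[0])
        out.append(best if cover >= min_cover * length else None)
    return out


if __name__ == "__main__":
    print("by period:", map_by_period(FIVE_PERIOD_MARKS, len(SIX_PERIOD_DAY)))
    timed = to_time_marks(FIVE_PERIOD_MARKS, FIVE_PERIOD_DAY)
    print("by time:  ", map_by_time(timed, SIX_PERIOD_DAY))
```

Even the time-based mapping is lossy where a receiving slot straddles two source periods with different marks (the second slot here is part present, part absent), which is why the sender's own interval data should travel with the mark rather than being collapsed into the receiver's period grid.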