+ Post New Thread
Page 2 of 5 FirstFirst 12345 LastLast
Results 16 to 30 of 62
MIS Systems Thread, Cloud MIS Security in Technical; @ X-13 an interesting suggestion and possibility one with legs. It is possible to have a trusted link into another ...
  1. #16

    Join Date
    Sep 2006
    Location
    London
    Posts
    1,331
    Thank Post
    36
    Thanked 353 Times in 238 Posts
    Rep Power
    79
    @X-13 an interesting suggestion and possibility one with legs.

    It is possible to have a trusted link into another cloud which would allow no run time password to be required however I think the MIS Cloud supplier would be liable for any data theft even if that occurred via a TP. We are talking eye-wateringly high fines so perhaps some form of bond would be required to protect the MIS vendor?


    This whole area is very difficult to see a way through so hopefully someone will come up with a suggestion!

  2. #17

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,697
    Thank Post
    664
    Thanked 1,632 Times in 1,460 Posts
    Rep Power
    423
    E1 uses a username/password combo plus ask for 3 random digits of a 6+ digit pin code.

    Ben

  3. #18
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    946
    Thank Post
    58
    Thanked 163 Times in 115 Posts
    Rep Power
    67
    Quote Originally Posted by GREED View Post
    How can we conveniently get data to x third party (or from) while still being secure with a data key or the like... I don't have the answer myself!
    Lucky I do. Drum roll........ And the answer is SIF.

    SIF allows for secure data transfer between applications plus it doesn't matter if the MIS is in house and the other application is hosted externally, vice versa or both remote.

    connections are secured by client ssl certificate authentication.

  4. Thanks to penfold_99 from:

    vikpaw (16th February 2013)

  5. #19
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    946
    Thank Post
    58
    Thanked 163 Times in 115 Posts
    Rep Power
    67
    There are two types of authentication application and user.

    One of the key things to understand is where the system boundaries are between users and data.

    Application to application integration extends this boundary outside of the normal boundary of the school or La network, but the relationship between users and data doesn't change.

    One key thing to remember is the requirement for dual authentication only applies in a few use cases and mainly down to the type of data being accessed.

    The government clarified this in relation to parents/guardians, with online reporting the parent has access to data normally covered by IL2 but due to the cost of rolling out dual authentication they advised it wasn't required as only a small new of records were allowed to be accessed per login.

    One of the key things MIS's should do but currently don't (I haven't seen anything that does) is scope which students an application access.

  6. 2 Thanks to penfold_99:

    Steven_Cleaver (16th February 2013), vikpaw (16th February 2013)

  7. #20
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    465
    Thank Post
    174
    Thanked 85 Times in 69 Posts
    Rep Power
    50
    Quote Originally Posted by penfold_99 View Post
    There are two types of authentication application and user.

    One of the key things to understand is where the system boundaries are between users and data.

    Application to application integration extends this boundary outside of the normal boundary of the school or La network, but the relationship between users and data doesn't change.

    One key thing to remember is the requirement for dual authentication only applies in a few use cases and mainly down to the type of data being accessed.

    The government clarified this in relation to parents/guardians, with online reporting the parent has access to data normally covered by IL2 but due to the cost of rolling out dual authentication they advised it wasn't required as only a small new of records were allowed to be accessed per login.

    One of the key things MIS's should do but currently don't (I haven't seen anything that does) is scope which students an application access.
    Hi @penfold excellent points but could you explain what you mean by "One of the key things MIS's should do but currently don't (I haven't seen anything that does) is scope which students an application access."

    Thanks

  8. #21
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    946
    Thank Post
    58
    Thanked 163 Times in 115 Posts
    Rep Power
    67
    Quote Originally Posted by Steven_Cleaver View Post
    Hi @penfold excellent points but could you explain what you mean by "One of the key things MIS's should do but currently don't (I haven't seen anything that does) is scope which students an application access."

    Thanks
    For example if an application only requires details for a sub set of students such as 6th form, SEN, they should only have access to those students. Most system grant access to all students irrespective of what data the application requires.

    Context is a tricky thing to implement successfully between application as its dependant on the needs of the user.

  9. Thanks to penfold_99 from:

    Steven_Cleaver (16th February 2013)

  10. #22

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    6,009
    Thank Post
    680
    Thanked 1,398 Times in 1,158 Posts
    Rep Power
    353
    Quote Originally Posted by penfold_99 View Post
    For example if an application only requires details for a sub set of students such as 6th form, SEN, they should only have access to those students. Most system grant access to all students irrespective of what data the application requires.

    Context is a tricky thing to implement successfully between application as its dependant on the needs of the user.
    Or the company asks for full 'GOD' rights (or thereabouts) on the system: Attendance Manager, Timetabler, Third Party Reporting, System Manager, Personnel ... . .

    Softlink the libary people wanted me to grant all kinds of access to simply dump a list of student names and reg groups, not to mention charge for integrating. i did it myself using command reporter in the end.

  11. #23
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    465
    Thank Post
    174
    Thanked 85 Times in 69 Posts
    Rep Power
    50
    Quote Originally Posted by penfold_99 View Post
    For example if an application only requires details for a sub set of students such as 6th form, SEN, they should only have access to those students. Most system grant access to all students irrespective of what data the application requires.

    Context is a tricky thing to implement successfully between application as its dependant on the needs of the user.
    Thanks thats clear now and can see your point.I get what you mean about the context and the needs of the user.

    Do you think this would be feasible by divising a system or appliaction that only pulls the relevant information from the SQL database in SIM's into another database which you could then add in your own fields that SIM's may not hold, be interested in or manage as well, which you could then customise to suite.

    Sorry if this is off point just interested in opinions really.

  12. #24

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    6,009
    Thank Post
    680
    Thanked 1,398 Times in 1,158 Posts
    Rep Power
    353
    I don't think it would be very efficient. Creating a view might work better, though i never managed to edit data that i accessed via a view.

  13. #25
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    465
    Thank Post
    174
    Thanked 85 Times in 69 Posts
    Rep Power
    50
    Quote Originally Posted by vikpaw View Post
    I don't think it would be very efficient. Creating a view might work better, though i never managed to edit data that i accessed via a view.
    I can see what you mean about it not being efficient just think it might allow me more flexibility in what I wanted to do with it in regards to customisation.

  14. #26
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    946
    Thank Post
    58
    Thanked 163 Times in 115 Posts
    Rep Power
    67
    Quote Originally Posted by vikpaw View Post
    Or the company asks for full 'GOD' rights (or thereabouts) on the system: Attendance Manager, Timetabler, Third Party Reporting, System Manager, Personnel ... . .

    Softlink the libary people wanted me to grant all kinds of access to simply dump a list of student names and reg groups, not to mention charge for integrating. i did it myself using command reporter in the end.
    That is mainly due to how (for example) sims permissions work and how they roughly relate to data items.

    To gain access to one data item for example teacher role (which is in their contract) you need personnel manager rights. Which gives access to most system don't need.

    You could go down the custom permission but that would in increase possible support issues after MIS upgrades

  15. #27
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    946
    Thank Post
    58
    Thanked 163 Times in 115 Posts
    Rep Power
    67
    Quote Originally Posted by Steven_Cleaver View Post
    Thanks thats clear now and can see your point.I get what you mean about the context and the needs of the user.

    Do you think this would be feasible by divising a system or appliaction that only pulls the relevant information from the SQL database in SIM's into another database which you could then add in your own fields that SIM's may not hold, be interested in or manage as well, which you could then customise to suite.

    Sorry if this is off point just interested in opinions really.
    SIF is able to do this through XML filtering.

  16. #28

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    6,009
    Thank Post
    680
    Thanked 1,398 Times in 1,158 Posts
    Rep Power
    353
    Are there any obstacles to SIF?
    Is SIF the only solution?

  17. #29
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    946
    Thank Post
    58
    Thanked 163 Times in 115 Posts
    Rep Power
    67
    Quote Originally Posted by vikpaw View Post
    Are there any obstacles to SIF?
    Is SIF the only solution?
    The only obstacles to SIF is supplier support, we have written SIF agent where needed and have been talking to suppliers regarding adopting SIF.

    When talking to suppliers the driver is now having to support 2 new MIS in the form of progresso and aspen.

    Progresso has a SIF agent but aspen doesn't yet.
    We also need schools to talk to their suppliers about SIF integration and when there will be support.

    Is SIF the only answer, well yes and no. If you just want a common data model then no, there are others CTFs but these may not contain the required information, if you are wanting to keep multiple data sources in sync such as MIS, library system, learning platform, cashless catering with the potential for update from any system then SIF is the only answer.

  18. #30

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    6,009
    Thank Post
    680
    Thanked 1,398 Times in 1,158 Posts
    Rep Power
    353
    Does SIMS have a SIF agent?

    I was thinking of alternatives which might be quicker in the short term, getting around my initial question of ad hoc data access, if SIF uptake is slow. Why is that by the way?

SHARE:
+ Post New Thread
Page 2 of 5 FirstFirst 12345 LastLast

Similar Threads

  1. Cloud MIS systems
    By MissyD in forum Cloud Services
    Replies: 5
    Last Post: 4th February 2013, 04:04 PM
  2. SIMs Discover and MIS Cloud questions
    By Qualitypolice999 in forum MIS Systems
    Replies: 10
    Last Post: 26th June 2012, 01:05 PM
  3. Replies: 4
    Last Post: 17th April 2012, 10:07 AM
  4. MIS in the 'cloud'
    By garrysaddington in forum MIS Systems
    Replies: 13
    Last Post: 4th December 2009, 10:12 PM
  5. School security during holidays
    By nawbus in forum General Chat
    Replies: 4
    Last Post: 27th August 2005, 03:20 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •