+ Post New Thread
Results 1 to 14 of 14
Virtual Learning Platforms Thread, Which is the easiest method to replicate student identity data? in Technical; Until now, we have left it up to individual teachers to load just the students they want onto Yacapaca. Now ...
  1. #1
    Yacapaca's Avatar
    Join Date
    Jul 2009
    Posts
    18
    Thank Post
    9
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Which is the easiest method to replicate student identity data?

    Until now, we have left it up to individual teachers to load just the students they want onto Yacapaca. Now we are getting requests for whole-school working. Teachers want student IDs and class affiliations to just automagically appear for them. That's fair enough, but we want to make the process as pain-free and secure as possible for the person who is going to transfer the data out of the MIS.

    Which routes would you like to see us follow?
    • we have ruled out LDAP and Shibboleth
    • SIF and IMS Enterprise are high-end candidates
    • simple CSV files are the most straightforward
    • what have we missed?

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,028
    Thank Post
    887
    Thanked 1,723 Times in 1,488 Posts
    Blog Entries
    12
    Rep Power
    453
    Why have you ruled out LDAP? That would be the best way for us. Makes it easer as students dont have another password to remember.

  3. Thanks to FN-GM from:

    Yacapaca (25th January 2013)

  4. #3
    penfold_99's Avatar
    Join Date
    Feb 2008
    Location
    East Sussex
    Posts
    936
    Thank Post
    56
    Thanked 162 Times in 114 Posts
    Rep Power
    67
    What is your classification of high end? Expensive?

    SIF can be a low cost option, happy to have a conversation about it if it would help?

  5. Thanks to penfold_99 from:

    Yacapaca (25th January 2013)

  6. #4
    Yacapaca's Avatar
    Join Date
    Jul 2009
    Posts
    18
    Thank Post
    9
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    FN-GM We are wary of LDAP because our experience from other projects is that LDAP integration with external websites often fails. If you have examples of integrations with externally-hosted sites that are stable and successful, I would really like to investigate them.

  7. #5

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,028
    Thank Post
    887
    Thanked 1,723 Times in 1,488 Posts
    Blog Entries
    12
    Rep Power
    453
    Quote Originally Posted by Yacapaca View Post
    FN-GM We are wary of LDAP because our experience from other projects is that LDAP integration with external websites often fails. If you have examples of integrations with externally-hosted sites that are stable and successful, I would really like to investigate them.
    @Yacapaca Microsoft Office 365 and Google Apps. Perfect examples

  8. Thanks to FN-GM from:

    Yacapaca (25th January 2013)

  9. #6
    Yacapaca's Avatar
    Join Date
    Jul 2009
    Posts
    18
    Thank Post
    9
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks FN-GM. I will go back to my team and see if I can change their minds.

  10. #7

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,028
    Thank Post
    887
    Thanked 1,723 Times in 1,488 Posts
    Blog Entries
    12
    Rep Power
    453
    Just because the "team" doesn't like to use LDAP doesn't mean it shouldn't happen. You need to keep us happy, without us you wouldn't be here

  11. Thanks to FN-GM from:

    Yacapaca (25th January 2013)

  12. #8
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,538
    Thank Post
    37
    Thanked 504 Times in 435 Posts
    Rep Power
    114
    You have a few ways of doing federated authentication (that's what MS call external AD authentication).

    1. Is writing something that can use the AD Federated Services stuff MS have made, this basically a HTTP/HTTPS POST to a school server that is available externally, this intern authenticates the user and posts the user back to your site with the auth token.
    2. Is writing something that uses Shibboleth, this is like ADFS but doesn't natively use MS tech
    3. Is to make a program that sits on the school site and establishes a http/https keep alive connection, when a user attempts to log into yacapaca, if the school is known, it will sent a request down the pipe to the school asking if this user is ok (obviously encrypt the username & password in the pipeline), the school then returns a simple yes or no, or you could go further and get back the first name, last name, upn, etc. If the user exists in your own database it will use that and just update the details if they have changed (no password stored), or it will create the user. This is basically how 1 and 2 work but you are making the interface between your external website and the school's AD infrastructure.

    Hope that helps.

  13. Thanks to nickbro from:

    Yacapaca (26th January 2013)

  14. #9
    Yacapaca's Avatar
    Join Date
    Jul 2009
    Posts
    18
    Thank Post
    9
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    @FN-GM (or anyone!) what do Microsoft Office 365 and Google Apps do when the student wants access outside of school? AIFAIK, most LDAP servers are accessible only from within the school network. This is what tripped us up last time.

  15. #10
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,538
    Thank Post
    37
    Thanked 504 Times in 435 Posts
    Rep Power
    114
    That's what ADFS is for. It'll redirect the user to one of your servers over https to authenticate and then send them back, your server will send a token saying, yes or no

  16. #11
    Yacapaca's Avatar
    Join Date
    Jul 2009
    Posts
    18
    Thank Post
    9
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by nickbro View Post
    That's what ADFS is for... this basically a HTTP/HTTPS POST to a school server that is available externally,
    Nick, thanks for this. To me it confirms the problem though. It fails very inelegantly if/when the school server is not available externally.

    What happens with Microsoft Office 365 and Google Apps in this situation? Do they simply fall over, or do they have a fallback of some kind? Excuse my nervousness, but this sounds to me like a recipe for a thousand support calls, all blaming us for problems on services we don't control.
    Last edited by Yacapaca; 7th February 2013 at 05:52 PM.

  17. #12

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,028
    Thank Post
    887
    Thanked 1,723 Times in 1,488 Posts
    Blog Entries
    12
    Rep Power
    453
    if/when the school server is not available externally.
    Well surely thats a risk the school should decide on...

  18. #13

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,028
    Thank Post
    887
    Thanked 1,723 Times in 1,488 Posts
    Blog Entries
    12
    Rep Power
    453
    @Yacapaca it will make you stand out from the rest if you go for this! Will give you the edge. Our school uses lots of online services. Many have different logins, its a real pain to manage.

  19. Thanks to FN-GM from:

    Yacapaca (7th February 2013)

  20. #14

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,939
    Thank Post
    1,343
    Thanked 1,787 Times in 1,110 Posts
    Blog Entries
    19
    Rep Power
    595
    I would be another advocate for SIF and Shibboleth ... the more that make use of them the better the options for them being ubiquitous.

  21. Thanks to GrumbleDook from:

    penfold_99 (3rd March 2013)

SHARE:
+ Post New Thread

Similar Threads

  1. Not sure if this is the right place to put this...
    By gwendes in forum General Chat
    Replies: 0
    Last Post: 12th February 2009, 08:21 AM
  2. Replies: 14
    Last Post: 11th March 2008, 01:54 PM
  3. Replies: 15
    Last Post: 16th November 2007, 01:49 PM
  4. If you can't get CISCO which is the next best?
    By e_g_r in forum Wireless Networks
    Replies: 33
    Last Post: 17th September 2006, 10:24 PM
  5. What is the world coming to
    By ITWombat in forum General Chat
    Replies: 0
    Last Post: 5th August 2006, 05:38 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •