stichtingsem / functional-overview

Functional overview for the pilot phase. WIP pre Kick off on 11th June 2020!

What Identity should we use for product, user and school? #14

Closed MarcelUntied closed 4 years ago

MarcelUntied commented 4 years ago

Input work stream finance & admin: Proposal

wvholland commented 4 years ago

Up to the technical or functional specialist, but I tend to ECK-ID, RIO thing, and EAN

eliashassing154 commented 4 years ago

I found this in earlier documentation: User and Application Authentication, via OpenID-Connect (or OAuth 2.0) and include ECK-ID and RIO school information

eliashassing154 commented 4 years ago

@MarcelUntied I talked to the PO for RIO once, if you need I can introduce you.

MarcelUntied commented 4 years ago

@eliashassing154 Ok, that would be interesting for a later moment in the pilot. Thanks for the offer! I think it is best to make a decision first on the identities we want to use.

niesink commented 4 years ago

ECK iD

On the topic of ECK iD: if we do decide to only allow ECK iD's as user identifiers I think we should explicitly acknowledge that this would exclude schools that don't use ECK iD's from use of this new ecosystem. A quick look at our SIS tells me that would impact around 10% of the current student population.

RIO

As a SIS we've been reasonably involved in the development of RIO over the past years. I think it's important to realize that the RIO model contains a bunch of different entities that represent different real life entities. My suggestion would be to first figure out which real life entity we want to identify as 'the school' so we can then see if any of the RIO entities (onderwijsaanbieder, onderwijslocatie, instellingserkenning, etc.) match that real life entity. Additional complexity is added here by the fact that schools are reasonably free to implement RIO as they see fit, meaning one school might see their branch/BRIN6 as one onderwijsaanbieder, where another might group multiple schools/BRIN4 in one onderwijsaanbieder.

cliftonc commented 4 years ago

The only other point I want to add on using only ECK iD is that it obviously isn't unique to the combination of school and learner (by design), and hence if that student moves from one school to another, and that second school uses the same Learning Application, then by design that school would be able to see information about the previous activities of that learner.

We had this flagged this year as a 'security incident' when we implemented ECK iD as the primary identifier. We then reverted it, and now just use it as additional metadata.

If we used a unique 'SSO ID' from the school's IdP then this doesn't occur, but we can obviously still carry the ECK iD around as metadata, so if we want to export / import or report for the learner we would be able to.
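The comment above contrasts two ways of keying learner records. The sketch below is an added example, not part of the original thread or of any project code; it shows both keyings side by side for a learner who moves from school A to school B. The store class, the field names (`issuer`, `sub`, `eck_id`) and the sample logins are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample logins: the same learner at two schools. The ECK iD is the
# same at both; each school's IdP issues its own subject identifier.
ECK = "eck-id-constructed-0001"
LOGIN_A = {"issuer": "https://idp.school-a.example", "sub": "u-1001", "eck_id": ECK}
LOGIN_B = {"issuer": "https://idp.school-b.example", "sub": "s-77", "eck_id": ECK}


def by_eck_id(login):
    """Primary key = ECK iD (shared across schools by design)."""
    return login["eck_id"]


def by_sso_subject(login):
    """Primary key = (IdP issuer, subject): unique per school and learner."""
    return (login["issuer"], login["sub"])


class ActivityStore:
    """Toy learning-application store; only the keying strategy varies."""

    def __init__(self, key_fn):
        self._key_fn = key_fn
        self._events = defaultdict(list)     # primary key -> activities
        self._eck_index = defaultdict(set)   # ECK iD -> primary keys (metadata)

    def record(self, login, activity):
        key = self._key_fn(login)
        self._events[key].append(activity)
        self._eck_index[login["eck_id"]].add(key)

    def visible_to_school(self, login):
        """What a school sees when it opens the record for this login."""
        return list(self._events[self._key_fn(login)])

    def export_for_learner(self, eck_id):
        """Deliberate export/report, joined on the ECK iD metadata."""
        return sorted(a for k in self._eck_index[eck_id] for a in self._events[k])


def demo(key_fn):
    store = ActivityStore(key_fn)
    store.record(LOGIN_A, "school A: maths quiz 3")
    store.record(LOGIN_B, "school B: reading test 1")
    return store.visible_to_school(LOGIN_B), store.export_for_learner(ECK)


if __name__ == "__main__":
    print("keyed by ECK iD :", demo(by_eck_id)[0])
    print("keyed by SSO ID :", demo(by_sso_subject)[0])
```

With the ECK iD as primary key, school B's view includes the school A activity; with the IdP subject as key it does not, while the export joined on ECK iD still returns both.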

JerryP-eco commented 4 years ago

As an addition to niesink's remark about a school-identifier/RIO it is important from MP/fulfillment-view that the school-identifier represents the entity we are doing business with, in fact a physical/delivery location. In the current system we use the BDL-school-id (digidelivery-id) for this. After many years of finding a proper school ID, this one seems to work pretty good. Perhaps this could also be one of the entities in RIO?

Looking at a probable hybrid situation during transformation, it could also be a nice catch when key identifiers (for student, school, product) are the same in old and new system.

HJTLN commented 4 years ago

Why is this question relevant for financial or functional track?

eliashassing154 commented 4 years ago

@HJTLN it's not, it will be picked up in the technical track

JorritJ commented 4 years ago

For functional I think it is enough to define a unique User ID, same with the Product ID. I do not see a reason to pick a specific implementation; userID can be OAuth/OpenID (like Google, or another IDP) next to the ECK-ID so that students from another country or private education/school can be served. For product IDs it might be different than EAN, though not likely for now.

MarcelUntied commented 4 years ago

https://github.com/stichtingsem/functional-overview/blob/master/proposed-decisions.md