A Technical Architects Guide to the SIF 3 Infrastructure: Modernized Security

Posted By Penny Murray, Wednesday, October 25, 2017
Updated: Friday, October 20, 2017


On the wire: 

  • Internet grade security. 
  • Upgrade ready. 
  • Encrypted payloads, a reality.

 

At authentication:

  • Trusted accounts (service or personal).
  • Trusted servers.
  • SSO ready.
  • Personal touches service paths and hints at the future.

 

It should come as no surprise that good Web Services employ Internet Grade Security to keep their communications safe on the wire.  What many people don’t realize is that Internet Grade Security has to keep changing.  From security holes found in the protocols used, to better hardware that can reduce yesterday’s math-based security to plain text, the one constant in this requirement is change.

We are here to help!  The SIF 3 Infrastructure has a separate Product Standard and Test Harness, which respectively communicate current Internet Grade Security expectations and help you ensure our software meets them.  For the extra cautious, SIF 3 has been built so it may pass encrypted payloads.  It is great to be part of a community that keeps on top of this.

So while no one is eavesdropping on SIF 3 Infrastructure connections, who is communicating?  For us this is an interesting situation.  In the past we embraced certificates fully.  For verifying server identity, this has become the dominant mechanism for establishing trust, and we still follow it.  However, Client Certificates have not fared as well.  So while there is nothing preventing their use in SIF 3, we don’t expect them to be the norm.  In fact, we really are not confident of an industry norm in this area anytime soon.  So while the SIF 3 Infrastructure has some built-in ways to authenticate, it is also designed to allow for support of multiple Single Sign On (SSO) solutions.  We are working with at least one identity provider to help make this not only possible but also easy.

Whichever authentication mechanism you choose, it will grant access by data object type.  Additionally, we have a tradition of filtering sensitive fields, which is being bolstered and codified by the Student Data Privacy Consortium (SDPC) and the Australian (AU) locale.  In the end, all data providers will be able to know and enforce the rules.  We seek to have the most trusted standards for accessing education data.

Good security is built in, not bolted on.

To find out more about the SIF 3 Infrastructure Specification, please go to: http://www.a4l.org/page/Infrastructure


Tags:  2017  Infrastructure  SIF 3  Specification  technical 
