This website uses cookies to store information on your computer. Some of these cookies are used for visitor analysis, others are essential to making our site function properly and improve the user experience. By using this site, you consent to the placement of these cookies. Click Accept to consent and dismiss this message or Deny to leave this website. Read our Privacy Statement for more.
Print Page | Contact Us | Sign In | Join the A4L Community
Chapter/Locale: Global
Group HomeGroup Home Blog Home Group Blogs
All things relating to the overarching 'global' A4L Community.... don't forget to check out the blogs on the locale Communities too! | Australia: | New Zealand: | North America: | United Kingdom:


Search all posts for:   


Top tags: Infrastructure  Specification  2017  2018  2019  Community  SDPC  SIF 3  technical  data privacy  privacy  2016  A4L  API  Chromebook App Hub  community driven  Community Review  errata  GEPS  global  Google  grade pass back  interoperability  Just The Facts  newsletter  partnerships  REST  roster  Scalable  Secure 

SIF Infrastructure Specification 3.3: errata published

Posted By Administration, Friday, August 30, 2019

SIF Infrastructure Specification 3.3: errata published

SIFInfrastructureIt has been reported by A4L Community members that there were a few inconsistencies in the recent release of the SIF Infrastructure Specification 3.3, and the Community has been working hard to address them.  

 The change with the greatest impact comes for those doing privacy work, as the POD has been updated to follow our conventions when it comes to listing contacts. There were also unintentional changes from 3.2.1, around the number of times other fields may appear or where “nil” values are allowed.  Work was also focused to make some of the Infrastructure specific payload features more obvious, and JSON much more approachable.   

So, if you are doing any work with the 3.3 Infrastructure you will want to be sure you are using the August 15, 2019 version of the Infrastructure payloads.

To review the SIF Infrastructure Specification 3.3, please go to:

Tags:  2019  errata  Infrastructure  Specification 

Share |
PermalinkComments (0)

SIF Infrastructure Implementation Specification 3.3 enters Community Review

Posted By Administration, Friday, March 29, 2019

SIF Infrastructure Implementation Specification 3.3 enters Community Review


SIFSPecThis may be our most impactful Infrastructure release since we switched to REST, due to the inclusion of components to express privacy controls over the wire, which even ensures the latest set is known by the receiving system.  This joint effort with the Student Data Privacy Consortium (SDPC), a Special Interest Group of the A4L Community, is just the biggest change in this landmark release. 

Members are encouraged to review the proposed Specification release and help us get it right!

Current Scope for this release includes: Privacy Integration, Version Indication/Negotiation, PESC JSON Adoption, Global Core Objects for Cloud/App integration, and clarifications* (not intended to change the meaning of the specification.)

The Community Review is currently slated to run from March 28 – April 14, 2019 (inclusive).  Members are encouraged to provide their approval/feedback before COB on April 14 and will need to login to the website to access the survey.  A link to the Specification documentation can be found via the survey here.


Tags:  2019  Community Review  Infrastructure  Specification 

Share |

Did You See….?

Posted By Penny Murray, Tuesday, March 5, 2019
Updated: Tuesday, March 5, 2019

Did You See….?

Google Chromebook App HubAt SXSW Edu this week, Google released their vision for the new Chromebook App Hub.  “After extensive engagement with marketplace providers and end users, the new tool to “… bring transparency to developers’ data and accessibility policies, while also providing a space to tell educators and school administrators about how their apps meet a myriad of school needs.”.  The “Hub” highlights detailed information on products and also provides usage stories including lesson plans, success stories, etc.


Added to this great set of tools, the Access 4 Learning’s (A4L) Student Data Privacy Consortium (SDPC) is called out as a major resource to providers and schools in addressing their data privacy concerns.  In the recent blog post from Google, “We also worked closely with policy partners, including the non-profit Student Data Privacy Consortium (SPDC), that sees the App Hub as a great way to assist developers in considering the student privacy implications of their products in use with learners.  Larry Fruth, the CEO of Access 4 Learning (A4L), the non-profit group behind the SDPC, says, “The App Hub will also be a great tool for schools and states as they look for resources like the SDPC to address changing privacy policies. Districts can align the information in the App Hub to their local resource approval processes, which will greatly improve the on-boarding of new apps and the transparency in their usage for districts.”


Schools and learners benefit when companies provide transparent information on applications in use allowing them to make more educated decisions about which tools to put into the hands of students. This information will provide more insight into data privacy policies, effective practices and tools that are the focus of the SDPC Community’s work.  While applications may be published in the App Hub, schools still need to consider their local resource approval process before using an application in the classroom.  The SDPC Community is focused on thousands of schools and dozens of states including international partners collaborating to help develop these practices.


Stay tuned for the availability of the Chromebook App Hub later this year. Educators can express interest in submitting idea sparks, and we encourage developers to contact Google if they are interested in being part of the App Hub community. You can sign up to get notified when the Hub becomes available and consider being a part of the growing Student Data Privacy Consortium.


The Google for Education blog can be found here:



Tags:  Chromebook App Hub  data privacy  Google  SDPC  SXSW Edu 

Share |

Doers Doing...

Posted By Penny Murray, Monday, February 18, 2019
Updated: Friday, February 15, 2019

Doers Doing...

This Photo is licensed under CC BY-SA-NC 

This Photo is licensed under CC BY-SA-NC

In one way I am glad that interoperability and privacy is once again becoming a “hot button” topic for conversation in the wild world of education.  While the two terms might make may in schools roll their eyes, throw up their hands, or turn a blind eye, they are becoming more and more a concern in the everyday lives of student data stewards globally.  Items in the news, new organizations playing a role in the topic and even additional funding opportunities from outside sources can help support the right data getting to the right place at the right time under local control.

The other side of this coin is that, like fashion, this has been a topic really since 1997 when the origins of many of the technical standards organizations were formed by various communities to support the needs around data interoperability and in some cases privacy.  The SIF Association, now the Access 4 Learning Community, was the first group focused and driven by K12 end users demanding marketplace providers to address their growing data management issues at the local and state level.  So, in essence the topics are not “new” but elevating the awareness factor can benefit us all.

But that is only part of the story.  I am very proud of the thousands of organizations, volunteer hours, membership dues support and the community involvement that has been driving the work of this Community for now more than 20 years.


I mentioned to an outstanding group of educational support agencies last week that in my tenure at A4L, I have seen more than 37 national projects, supported by hundreds of millions of dollars, fail in their attempts to move the marketplace, support schools and states, or systemically change how we address the roles of the data stewards.  Generally, they either had no established and vested community just an end product or they had a community with no clear “what does success look like” in mind.


A4L and the SIF Specifications are in that way VERY different.  With our tiny staff the community determines the technical issues to address, the community does the technical development and the community gets the word out on the need for standardized data interoperability strategies – not driven by a staff or one or two vendors.  It is written into our By-Laws!  It means the specification development might take longer but we have transparent governance, development processes and community resources allocations for any to view.

Look soon for the next Community technical blueprint, codenamed “Unity”, to be released which will allow the thousands of applications using the previous SIF Specifications an easy lift to a new modern infrastructure, a data model aligned to the Common Education Data Standard, additional privacy controls in a Global Educational Privacy Standard, and the inclusion of standardized xPress API functionalities currently being used on the ground for rostering, student records exchange, IEP and soon grade pass back.

I am proud of this Community.  The work is Community driven, Community resourced and Community developed around transparent processes – for over 20 years of learning impact!




Tags:  2019  API  Community  community driven  GEPS  grade pass back  interoperability  privacy  roster  security  Specification  student records exchange  Unity  xPress 

Share |
PermalinkComments (0)

What REAL Partnerships are about...

Posted By Larry Fruth, Thursday, October 11, 2018

What REAL Partnerships are about...

PartnershipsOver my time in the Community, and the time spent in thousands of meetings from local schools to federal agencies, I always wished that I could interrupt the meeting and dive deeper when they mention “partnerships”. 

I do understand the concept and the continuum partnerships can exist, such as everything from “we like each other” to “a formal and legalized agreement”.  But what can you really call a “partnership”?  I believe that actions, both good and bad, define partnerships.  You can learn about partnerships when you get to hear one of the partners talking about the arrangement separate from the other, AND an analysis of actions of the partnership.

In this A4L Newsletter (September 2018) you will read about real partnerships with real deliverables:

>  The Post-Secondary Electronic Standards Council (PESC) and A4L working together to develop instructions for implementers how to interpret the XML Schema as a data model for JSON exchanges (A4L Newsletter, page 3)

The Global Education Privacy Standard (GEPS) Project bringing together the leaders of the Student Data Privacy Consortium (SDPC) and the A4L Privacy Task Force to connect privacy contractual obligations to technical benchmarks for common understanding and expectations around how privacy obligations are being met in real-world technology solutions (A4L Newsletter, page 5)

The xPress Individualized Education Plan (xPress IEP) collaboration between the Common Education Data Standards (CEDS) team and the A4L working group led by TQ White.  This ideal partnership has resulted in a standardized IEP that has garnered great interest by schools, states and even vendors.  The momentum continues as the work now moves into enabling the secure transport and access to IEP information (A4L Newsletter, page 8)

There are many more in the making – but we won’t call them “partnerships” yet! 

Partnerships need to mean more than a public relations fodder.  As President Kennedy famously stated, “A partnership is not a posture but a process”, but you be the judge when you hear about “partnerships”…



Tags:  2018  Community  newsletter  partnerships 

Share |
PermalinkComments (0)

The A4L Vendor Marketplace goes live...

Posted By Penny Murray, Friday, April 20, 2018


The A4L Vendor Marketplace goes live....

We are delighted to announce the initial launch of the A4L Vendor Marketplace to A4L Community and Student Data Privacy Consortium (SDPC) members!
The marketplace goes beyond the existing SIF Certification Register, and includes all companies who are members of either (or both) the A4L Community or Student Data Privacy Consortium (SDPC).  It now provides us with a strong foundation on which to build additional features as it is directly integrated with our existing membership database and SIF Test Suites.
We are already progressing with the next development phases, which will introduce additional filter options and expand on product information available for SIF Certified products... keep checking back over the next few weeks to see how the marketplace develops!
Please do not hesitate to contact us if you have any questions or suggestions for future development.



Tags:  2018  A4L  SDPC  SIF certification  Vendor Marketplace 

Share |
PermalinkComments (0)

Data Privacy Day

Posted By Administration, Monday, January 29, 2018

SDPCData Privacy Day

Since 2008, January 28th is touted as “Data Privacy Day” in the U.S. led by the National Cyber Security Alliance (NSCA).  While this larger effort focuses mostly on consumer information privacy, the Access 4 Learning (A4L) Community, and its Special Interest Group (SIG) the Student Data Privacy Consortium (SDPC) are addressing the real world challenges seen by educational data stewards each day in schools across the globe.  So today is a day to celebrate the substantial SDPC successes and recognize there is so much more work to be done!

In 2015 the non-profit SDPC was established to address “tactical” and “on the ground” privacy practitioner needs.  Formed after a year of research, outreach surveys, and one-on-one conversations, the SDPC is made up of schools, regional and state education agencies and marketplace providers identifying common privacy issues and developing solutions that can be put in place at all levels of the education data continuum.

The Consortium polled members to identify their current “pain points” to prioritize the work resulting in three projects currently underway addressing a) contract privacy wording, b) privacy policies and procedures development and c) a secure and simplified application onboarding into a schools digital ecosystem.

Check out the great work of this all volunteer group and how their work can be leveraged by you as a school, regional/state agency or marketplace provider who wants to support the effective and safe management of student data.  Over 4 million students are currently represented in the Consortium – why not yours and your clients?

Find out more about the Student Data Privacy Consortium (SDPC) >>


Tags:  2018  data privacy  privacy  SDPC 

Share |
PermalinkComments (0)

A Technical Architects Guide to the SIF 3 Infrastructure: Modernized Security

Posted By Penny Murray, Wednesday, October 25, 2017
Updated: Friday, October 20, 2017

A Technical Architects Guide to the SIF 3 Infrastructure: Modernized Security

On the wire: 

  • Internet grade security. 
  • Upgrade ready. 
  • Encrypted payloads, a reality.


At authentication:

  • Trusted accounts (service or personal).
  • Trusted servers.
  • SSO ready
  • Personal touches service paths and hints at the future.


It should come as no surprise that good Web Services employ Internet Grade Security to keep their communications safe on the wire.  What many people don’t realize is that Internet Grade Security has to keep changing.  From security holes found in the protocols used, to better hardware that can reduce yesterday’s math based security to plain text, the one constant in this consistent requirement is change.

We are here to help!  The SIF 3 Infrastructure has a separate Product Standard and Test Harness.  Respectively, to communicate current Internet Grade Security expectations and help you ensure our software meets them.  For the extra cautious, SIF 3 has been built so it may pass encrypted payloads.  It is great to be part of a community that keeps on top of this.

So while no one is eavesdropping on SIF 3 Infrastructure connections, who is communicating?  For us this is an interesting situation.  In the past we embraced certificates fully.  For verifying server identity this has become the dominant mechanism for establishing trust and we still follow it.  However Clients Certificates have not faired as well.  So while there is nothing preventing their use in SIF 3, we don’t expect them to be the norm.  In fact, we really are not confident of an industry norm in this area anytime soon.  So while the SIF 3 Infrastructure has some built-in ways to authenticate, it also is designed to allow for support of multiple Single Sign On (SSO) solutions.  We are working with at least one identity provider to help make this not only possible but also easy.

Whichever authentication mechanism you choose, they will grant access by data object type.  Additionally, we have a tradition of filtering sensitive fields, which is being bolstered and codified by the Student Data Privacy Consortium (SDPC) and Australian (AU) locale.  In the end, all data providers will be able to know and enforce the rules.  We seek to have the most trusted standards for accessing education data.

Good security is built in, not bolted on.

To find out more about the SIF 3 Infrastructure Specification, please go to:

Tags:  2017  Infrastructure  SIF 3  Specificatoin  technical 

Share |
PermalinkComments (0)

A Technical Architects Guide to the SIF 3 Infrastructure: Reliably Standard

Posted By Penny Murray, Wednesday, October 18, 2017
Updated: Friday, October 6, 2017

A Technical Architects Guide to the SIF 3 Infrastructure: Reliably Standard

  • Pick your tools:
    • UUID
    •  REST
    •  Data Model
    •  Code Generation
  •  Choose your expert:
    • SIF 2 expertise can be hard to find.
    •  Most developers are comfortable with REST APIs.
    • Same tools, two hours instead of two days.

When I came on staff seven years ago, I was introduced to a vision for SIF 3 so obvious I instantly agreed to pursue it and I have ever since.  The idea was simple, instead of inventing things and behaving like an oxymoronic proprietary-standard, we would strive to first use other standards in our work.  The cry propelling us forward became a “standard of standards” and we have followed this mantra in the big things and the small.

Let’s start with something small but more impactful than we could have imagined.  Our attempt to use GUIDs styled after a dominant market player instead of standard UUIDs had gone from convince to pain point.  Rather than picking up a UUID library, developers were trying to meet the requirements on their own.  With solutions that did everything from violate the rules to leak personal identifiable information (PII).  Moving to UUIDs has proven easier for marketplace providers, safer for end users, and more enforceable by the community.  Plus it has given those with challenges keeping data unique, guidance and options to do so.  With out this seemingly small change, our ability to have a successful REST based standard would be compromised from the beginning.

Of course we also seek to be ready to move any data model necessary.  For models that do not use UUIDs like the infrastructure does, we will use the unique identifiers the data model does identify.  For data models that don’t have IDs, we have the option of wrapping the data in a service driven by an infrastructure standard job object.  To get a data model on and off the wire properly we have worked a lot with popular code generation tools and labor to ensure our infrastructure payloads and our data model are defined in XML schema using the venetian blind style and recommend others do as well.  While adhering to standards has yet to fail us, it has had an interesting indirect impact on the adopter.

It is generally agreed that to succeed with SIF 2 you should engage a company (or at least an individual) familiar with the SIF 2 infrastructure.  It turns out there is a lot more people that are familiar with REST, XML, UUID, OAuth, and other standard technologies.  This means there are a lot more people ready to dive into SIF 3 projects.  Once these people are engaged, they have choices.  Just as they can code directly to the data model or leverage code generation tools, they can start with their favorite tools or grab ones already built out to make SIF 3 development even easier.  The bottom line is it is simpler to find experts and they can usually produce solutions faster.

So by seeking and leveraging the usual, you should find the SIF 3 infrastructure a standard of standards.  By building on these standards, you should find it scalable.  Yet our next topic will make keeping true to this formula, significantly harder.

Great SIF 3 developers are out there please let them know it.

To find out more about the SIF 3 Infrastructure Specification, please go to:

Tags:  2017  Infrastructure  SIF 3  Specification  technical 

Share |
PermalinkComments (0)

A Technical Architects Guide to the SIF 3 Infrastructure: High Performance

Posted By Penny Murray, Wednesday, October 11, 2017
Updated: Tuesday, October 3, 2017

A Technical Architects Guide to the SIF 3 Infrastructure: High Performance

  • For everyone:
    •  Clean encapsulation accelerates development and performance by simplifying logic.
    • Support for multiple data objects in the same payload move more data at once in many situations.
    •  Fewer overhead messages increases throughput, especially in high latency environments.
  • Taken to the max:
    • Multiple connections are defined for both synchronous and asynchronous data exchanges.
    • Long polling brings real time responsiveness to new levels.
    • eTag and similar support for multiple object queries help you get only the data that has changed.
    • Same use case 400 times faster.

The rules for web services have changed.  In 2005 it seemed things had matured around SOAP, WSDL, and highly dependable asynchronous message flows wherever they may be needed.  Fast-forward to today and we have REST, API Sandboxes, and the occasional timeout is seen as preferable to an always-delayed response.  The SIF 3 infrastructure both operates in this world and is designed to make the most of it.

First we set out to have clear encapsulation or delineation between where the infrastructure ends and data begins.  Fortunately REST makes this evident with a consistent place for headers and another for the body of data.  The result is accelerated development and a reduction of errors by simplifying logic.  Put another way, it is easier to find the data when it is always in the same place.

Next we considered our rich history bundling data for transport.  We had certainly gone the one object at a time route; while simple, it also proved to limit overall performance.  Our initial attempt at packages didn’t go much better; while performance could be gained our efforts to set limits sometimes resulted in failure.  By the time we designed SIF 3 both capabilities had matured and patters had emerged on how to best handle this situation.  Now pages of responses mirror online search or shopping results and tunable queues do the same thing for events.  Interoperability works best, when both sides coordinate.

Once these things were tightened up we went looking for other inefficiencies and discovered with a little thought we could eliminate many messages from our flow entirely.  Fewer overhead messages increases throughput, especially in high latency situations.  Every trip back and forth counts, with SIF 3 you simply make less.

Now the changes above are fundamental and expected to reach everyone.  However, if you need more performance the SIF 3 infrastructure has options.  From multiple connections for increased throughput to long pulling for closer to real time events, you have options.  Taken together for a well-selected use case in a low latency environment we have seen data flow up to 400 times faster than SIF 2.

It is time to start planning your upgrade:


Tags:  2017  Infrastructure  SIF 3  Specification  technical 

Share |
PermalinkComments (0)
Page 1 of 2
1  |  2
  • SIF Association (dba Access 4 Learning (A4L) Community)

  • PO Box 1024, New Albany, Ohio 43054-1024

  • Phone: +1.202.621.0547