SIF Agent Portability

One of the things that first attracted me to the whole idea of SIF (the Systems Interoperability Framework) was the idea that it could enable educational applications to become more independent from those applications that fed it information and from those that depended on it for information. A supplier that makes an application that specializes in transportation management can start to focus more attention on transporting children to and from school and less on the how data comes from this system vs. that system if the data always looks the same. In the end we all get better transportation systems. This is because the data has become portable.

Another concept that has been interesting has been the idea of a software plug-in. This web site framework that I am using to present this (WordPress) uses plug-ins to present a cloud of tags (to your right), a mechanism for leaving comments, a registration system and many more. Many video games have a base station that allow you to plug in or load several games allowing it to load new functionality that wasn't available when the base unit was first developed.

How could this relate to SIF?

When we set out to solve the problem of creating a SIF adapter framework, we took a different approach than others who set out to solve the same problem. Instead of developing a toolkit for programmers, we set out using a different approach with a different audience in mind: those without a programming background. Questions arose: Could we build an adaptable SIF agent that:

…would be able to SIF-enable any existing application?
…would require no or very minimal changes to the target application?
…would require no programming?
…could be configured through a web interface?

Our Audience

As we spoke to people at districts, we found that most felt comfortable with being able to create SQL queries using some sort of tool such as SQL Server Management Studio, Access or MySQL Query Browser, so that's where we aimed. What we developed was ZIAgent™.

Interestingly enough, our initial objective was to create a tool for users in school districts, local authorities and other educational institutions that would allow them to create SIF agents for the host of legacy (bespoke) applications that might have been created through the years. This objective was met through our current product, but we were pleasantly surprised when OEM suppliers approached us asking if it could also be used to SIF-enable their off-the-shelf applications. Of course, we were happy to oblige and ZIAgent has been used to SIF-enable many SIF-certified applications.

ZIAgent™

ZIAgent uses a wizard-like interface to configure its outbound side (providing and responding to requests) and a business rules approach to configure its inbound side (subscribe and receiving responses). You can read more about it if you would like at ZIAgent. The rest of this article deals with only one of its features: Import/Export.

When an agent has been configured, the user may choose to export its configuration through the ZIAgent dashboard. The export screen looks something like this:

When ZIAgent exports the configuration, it creates an XML file with the configuration for the items that were checked off. This configuration can then be used to:

Load into a copy of ZIAgent Runtime Edition
Pass to someone else who has a ZIAgent Designer license and similar needs — it can be imported and used as the basis for a similar agent
Upgrade the agent. When we come out with a new version of the agent, the upgrade process is typically to export the configuration from the previous version and then import it into the new version. Occasionally, if code values have been changed in the SIF version, they will need to be re-discovered and re-mapped to new values after importing.

The Exported File

The exported file contains a complete description of the agent, including event rules, object rules, regression testing rules, code values, and translation mappings. It could even include information about the server it was installed on and the audits from that machine if those options were chosen from the menu when the file was created. This is what the XML file looks like:

SIF Agent Libraries

Now as time goes on, we are faced with the issue of the sale, distribution and support of an ever-growing collection of SIF agents plug-in configurations and how to manage them. Some belong to our OEM customers — those ZIAgent customers own the rights to the agent configurations and distribute the SIF agent packaged product with their products. Some we developed because we saw a need in the marketplace but the agent ended up being for:

…an application that a school wouldn't typically pay for, such as Moodle (it would under the GNU GENERAL PUBLIC LICENSE)
…a feature that comes bundled with other software, such as Active Directory that is part of Microsoft® Windows Server
…add-ons that come free once you have other software installed, such as Microsoft® Windows SharePoint® Services that is a free download once you have Windows Server installed

The Moodle SIF Agent

Presently, the Moodle SIF agent is a subscribing agent configured for the UK 1.1 specification. It subscribes to:

Identity
LAInfo
SchoolInfo
WorkforcePersonal
LearnerPersonal
LearnerSchoolEnrolment
LearnerGroupEnrolment

When the Moodle SIF agent learns that a new learner is now attending a school (when it receives an Identity SIF object for him or her), it creates a Moodle account that aligns with the account that the Identity Management system has already created. The only interesting thing it learns from that object is the identity and the SIF RefId (or GUID). The rest of the information about the learner was received earlier in objects such as LearnerPersonal and LearnerSchoolEnrolment. The SIF RefId in the Identity object will match the RefIds in those objects, allowing the agent to get a complete picture of the learner and create a complete Moodle User Record for him or her.

The Moodle SIF agent can also enroll these learners in Moodle courses for one of several reasons:

A mapping can be set up between a course (a School Group Type) in a school and a Moodle course. For example, a rule can be set up that tells the SIF agent "all learners that are enrolled in Biology I should automatically be enrolled in the Moodle course named Biology ABCD"
A mapping can be set up between a section of a course (a School Group) and a Moodle course. For example, a rule can be set up that tells the SIF agent "all learners that are enrolled in Mr. Wilde's 5^th period English class that meets in room B‑101 should automatically be enrolled into the Moodle course named Shakespeare for Beginners.
A mapping can be added that maps any characteristic in a SIF object to enrollment in a Moodle course. For example, if a learner's EnglishProficiency information indicates that he or she falls at a certain level, the SIF agent could enroll that learner in an "English as a Second Language" course.

The Moodle agent does not publish information, however. The main challenge was that Moodle is very flexible in how it allows teachers to create tests and store results. So much, that there is no one common way that tests are given and test results are stored in a Moodle database, so it was difficult for us to make a generic way to set up the SIF agent to publish them. Where we would like to go with this is to get the SIF agent used in subscribe mode in a number of places and then seek user community input on providing.

The Active Directory Agent — Ipseity™

Visual Software has had an Active Directory SIF agent for several years and it has been installed in many places with good success. The Ipseity SIF agent has several interesting, useful and unique features:

When a learner enrolls, it creates an account in the OU appropriate for a learner attending his or her school
A home directory is created and if a home directory "template" tree was established for this type of learner, the files from that template are copied into the learner's home directory and the file permissions are modified so that the learner will have the proper access to them
The learner is added to the appropriate groups depending on the school in which he or she is enrolled
Each learner may also have a "learner personal AD GROUP" created**
When the learner is enrolled into a section of a course (school group), he or she may be added to an AD group for that section (school group)

The ZIAD SIF agent is made up of two pieces: the SIF agent and an AD web service. The AD web service is installed with special privileges wherever the domain controller is and the SIF agent is installed in a place that is reachable by the Zone Integration Server. If necessary, the communication between the two is done using HTTPS, but using this technique allows the SIF agent to easily switch between handling separate AD forests at schools or a single, combined AD forest, simply by making a minor modification to its rules.

Although the above features described features for learners, ZIAD also manages accounts for teachers and contacts (parents).

** Learner Personal Groups and Handling Divorces, Remarriage, Blended Families and Joint Custody

This technique has proven very useful whenever there has been a need for assigning permissions, for example, that correspond to access rights for learner records. These might be used to control access to portal pages or sites. What we do in ZIAD is the following:

Each learner is assigned a separate AD account
Each learner has an AD group created — we refer to this group as the Learner Personal AD Group
The learner is assigned as a member of this group
Each contact (parent) has an individual AD account created for him or her
If that parent has access rights to the learner's records, he or she is made a member of the Learner Personal AD Group
The Learner Personal AD Group is used for access to the portal site containing the learner's records

By following these rules, these benefits are seen:

By looking at the Learner Personal AD Group membership, you can see everyone who has access to student records
If the parents get divorced and one gets remarried, after the remarriage, the step-parents do not automatically gain access to the student records. Only the parent accounts have access to the learner records.
If a step-parent is to be added to the list of people who should have access to these records, he or she can be added but that must be done as a manual activity. This would normally follow an explicit request by someone and the event to add this person would be audited.
In the US, if you look to see to which groups a contact belongs, you can get a list of the learners for whom he or she has record access rights (in the UK, the data model is different and doesn't it have this issue).

This technique isn't ZIAD-specific, but because ZIAD is business-rules based, it makes it easier to implement something like this.

The SharePoint Agent — ZIPortal™

The SharePoint SIF agent works with Windows SharePoint Services, the free add-on portal package that comes with Microsoft Windows Server. The initial motivation behind creating this agent was to be able to replace learner's home directories, giving them personal web sites instead. As it matured and people began to understand how it worked and how simple it was to configure, other ideas developed. For example, you can have sites for:

Learners, where they create personal work such as reports, presentations and electronic artwork. This site is created either at the beginning of the school year or when the learner enters the school. Having this site, for the most part, reduces or eliminates the need for a home directory. Files are stored in document libraries in the site. One (very large) place to backup, one backup file to manage.
Teachers, for their personal information and for the information they share with other teachers. This can contain everything from lesson plans to contact information and links to each of the learner pages for those assigned to classes that this teacher teaches.
Sections of courses (School Groups), that would contain current information for the subject or subjects being taught, including homework assignments, a place to submit work, and links that might help learners. This site would be maintained by the classroom teacher and would be linked to by each of the student sites as well as the teacher sites.
Parents, as a place where they can find information about their children's school work, what's happening at the school or how to help their children with their homework. Each parent would have an individual site (two parents would not normally share a site) that would stay with that parent regardless of how many children attended in the district (LA, RBC) and the privacy requirements needed even if parents got divorced and remarried would be enforced by having the site's permissions tied to Active Directory Learner Personal Groups (see above).
Lerner Portfolios, that are created when a learner first enters the school (or district) and continues to exist until the learner leaves. This site becomes a repository for work collected during those years (papers, presentations, etc.) and has folders for each school year's work.

Sample Learner Site

The agent itself works with SharePoint templates. To make it work, the educational organization needs to create or adopt a set of templates that fit the requirements of the learner, teacher and parent audiences. The SIF agent's configuration is then set to point to them and have them associated with the set of rules that will do things with them when certain SIF events occur. Things that the SIF agent is capable of doing includes:

Creating a new site from a template when the agent receives a new Learner, Teacher or Parent event is received, move the site to a new school if an Enrollment Change is received
Adding an item to a list in a web part corresponding to an element in a SIF message that is received. A certain amount of information will also be required in the same message in order for the agent to be able to find that list. Alternatively, Deleting that list Item.
Adding a web part to a page when a certain SIF message is received. As with the previous, enough information must be present in the received object to track down that page.

With these primitives and a flexible, powerful SIF rules engine, ZIPortal can easily manage hundreds of thousands of SharePoint sites and keep them synchronized with student, teacher and parent populations that are managed in the Student Information Systems (Management Information Systems).

SIF Agent Runtime + Plug-Ins + SIF Agent User Community

So now, having this unique design available allows us to try something new for SIF that others have been doing with video games, CD players and other types of software for years — turn the distribution model upside down.

Although it might not appear too significant at first, what this facility allows us to do is to change the way we distribute these SIF agents. As mentioned earlier, the XML file that was saved in the designer can be given to someone who has a ZIAgent Runtime Edition. The Runtime Edition looks very much like the Designer Edition except it is missing some of the menu items that allow users to create new agents:

ZIAgent Runtime Edition (fewer menu items)

…but it does include options to import a configuration created by someone else, reset server-related information, enter local translation information and provides full access to auditing trails — all the things you would need as a SIF agent user. As to distributing and supporting agents, we now have multiple options:

Distribute the ZIAgent Runtime paired with a specific configuration as before, bundle it with support and charge using one of any number of methods (per learner, per year or per server, and so on…), or…
License the ZIAgent Runtime separately and create a type of license where the SIF agent configurations that we make available under this license would be freely available to ZIAgent Runtime licensee

This pool of agents that will initially be included are the current Visual Software Moodle, Active Directory and SharePoint SIF agents (UK editions)
ZIAgent Runtime licenses will be available at a very low cost to schools and bulk licenses will be made available to Local Authorities and Regional Broadband Consortia that will cover all schools in the LA or RBC
Support will be made available as needed on an hourly basis (through Visual Software or though approved integration partners) or through a community web site that will be added as a branch of this web site
The agents can be modified in their XML form (we will post documentation) or by organizations who license the ZIAgent Designer (The designer will give then all the web-based tools to configure agents). Those organizations with the ZIAgent designer will be able to create and "donate" SIF agents into the pool of SIF agents, but only those who have licensed ZIAgent Runtime licenses will be able to get to the part of the web site where the library of SIF agents will be stored.

We've been offering the full service option described as the first alternative for years. We will continue to do so for those who prefer everything included in a single price — product and service.