SIF Agent Portability — Active Directory, Moodle, SharePoint
How Can We Help?
SIF Agent Portability
One of the things that first attracted me to the whole idea of SIF (the Systems Interoperability Framework) was the idea that it could enable educational applications to become more independent from those applications that fed it information and from those that depended on it for information. A supplier that makes an application that specializes in transportation management can start to focus more attention on transporting children to and from school and less on the how data comes from this system vs. that system if the data always looks the same. In the end we all get better transportation systems. This is because the data has become portable.
Another concept that has been interesting has been the idea of a software plug-in. This web site framework that I am using to present this (WordPress) uses plug-ins to present a cloud of tags (to your right), a mechanism for leaving comments, a registration system and many more. Many video games have a base station that allow you to plug in or load several games allowing it to load new functionality that wasn't available when the base unit was first developed.
How could this relate to SIF?
When we set out to solve the problem of creating a SIF adapter framework, we took a different approach than others who set out to solve the same problem. Instead of developing a toolkit for programmers, we set out using a different approach with a different audience in mind: those without a programming background. Questions arose: Could we build an adaptable SIF agent that:
- …would be able to SIF-enable any existing application?
- …would require no or very minimal changes to the target application?
- …would require no programming?
- …could be configured through a web interface?
As we spoke to people at districts, we found that most felt comfortable with being able to create SQL queries using some sort of tool such as SQL Server Management Studio, Access or MySQL Query Browser, so that's where we aimed. What we developed was ZIAgent™.
Interestingly enough, our initial objective was to create a tool for users in school districts, local authorities and other educational institutions that would allow them to create SIF agents for the host of legacy (bespoke) applications that might have been created through the years. This objective was met through our current product, but we were pleasantly surprised when OEM suppliers approached us asking if it could also be used to SIF-enable their off-the-shelf applications. Of course, we were happy to oblige and ZIAgent has been used to SIF-enable many SIF-certified applications.
ZIAgent uses a wizard-like interface to configure its outbound side (providing and responding to requests) and a business rules approach to configure its inbound side (subscribe and receiving responses). You can read more about it if you would like at ZIAgent. The rest of this article deals with only one of its features: Import/Export.
When an agent has been configured, the user may choose to export its configuration through the ZIAgent dashboard. The export screen looks something like this:
When ZIAgent exports the configuration, it creates an XML file with the configuration for the items that were checked off. This configuration can then be used to:
- Load into a copy of ZIAgent Runtime Edition
- Pass to someone else who has a ZIAgent Designer license and similar needs — it can be imported and used as the basis for a similar agent
- Upgrade the agent. When we come out with a new version of the agent, the upgrade process is typically to export the configuration from the previous version and then import it into the new version. Occasionally, if code values have been changed in the SIF version, they will need to be re-discovered and re-mapped to new values after importing.
The Exported File
The exported file contains a complete description of the agent, including event rules, object rules, regression testing rules, code values, and translation mappings. It could even include information about the server it was installed on and the audits from that machine if those options were chosen from the menu when the file was created. This is what the XML file looks like:
Now as time goes on, we are faced with the issue of the sale, distribution and support of an ever-growing collection of SIF agents plug-in configurations and how to manage them. Some belong to our OEM customers — those ZIAgent customers own the rights to the agent configurations and distribute the SIF agent packaged product with their products. Some we developed because we saw a need in the marketplace but the agent ended up being for:
- …an application that a school wouldn't typically pay for, such as Moodle (it would under the GNU GENERAL PUBLIC LICENSE)
- …a feature that comes bundled with other software, such as Active Directory that is part of Microsoft® Windows Server
- …add-ons that come free once you have other software installed, such as Microsoft® Windows SharePoint® Services that is a free download once you have Windows Server installed
The Moodle SIF Agent
Presently, the Moodle SIF agent is a subscribing agent configured for the UK 1.1 specification. It subscribes to:
When the Moodle SIF agent learns that a new learner is now attending a school (when it receives an Identity SIF object for him or her), it creates a Moodle account that aligns with the account that the Identity Management system has already created. The only interesting thing it learns from that object is the identity and the SIF RefId (or GUID). The rest of the information about the learner was received earlier in objects such as LearnerPersonal and LearnerSchoolEnrolment. The SIF RefId in the Identity object will match the RefIds in those objects, allowing the agent to get a complete picture of the learner and create a complete Moodle User Record for him or her.
The Moodle SIF agent can also enroll these learners in Moodle courses for one of several reasons:
- A mapping can be set up between a course (a School Group Type) in a school and a Moodle course. For example, a rule can be set up that tells the SIF agent "all learners that are enrolled in Biology I should automatically be enrolled in the Moodle course named Biology ABCD"
- A mapping can be set up between a section of a course (a School Group) and a Moodle course. For example, a rule can be set up that tells the SIF agent "all learners that are enrolled in Mr. Wilde's 5th period English class that meets in room B‑101 should automatically be enrolled into the Moodle course named Shakespeare for Beginners.
- A mapping can be added that maps any characteristic in a SIF object to enrollment in a Moodle course. For example, if a learner's EnglishProficiency information indicates that he or she falls at a certain level, the SIF agent could enroll that learner in an "English as a Second Language" course.
The Moodle agent does not publish information, however. The main challenge was that Moodle is very flexible in how it allows teachers to create tests and store results. So much, that there is no one common way that tests are given and test results are stored in a Moodle database, so it was difficult for us to make a generic way to set up the SIF agent to publish them. Where we would like to go with this is to get the SIF agent used in subscribe mode in a number of places and then seek user community input on providing.
The Active Directory Agent — Ipseity™
Visual Software has had an Active Directory SIF agent for several years and it has been installed in many places with good success. The Ipseity SIF agent has several interesting, useful and unique features:
- When a learner enrolls, it creates an account in the OU appropriate for a learner attending his or her school
- A home directory is created and if a home directory "template" tree was established for this type of learner, the files from that template are copied into the learner's home directory and the file permissions are modified so that the learner will have the proper access to them
- The learner is added to the appropriate groups depending on the school in which he or she is enrolled
- Each learner may also have a "learner personal AD GROUP" created**
- When the learner is enrolled into a section of a course (school group), he or she may be added to an AD group for that section (school group)
The ZIAD SIF agent is made up of two pieces: the SIF agent and an AD web service. The AD web service is installed with special privileges wherever the domain controller is and the SIF agent is installed in a place that is reachable by the Zone Integration Server. If necessary, the communication between the two is done using HTTPS, but using this technique allows the SIF agent to easily switch between handling separate AD forests at schools or a single, combined AD forest, simply by making a minor modification to its rules.
Although the above features described features for learners, ZIAD also manages accounts for teachers and contacts (parents).
|** Learner Personal Groups and Handling Divorces, Remarriage, Blended Families and Joint Custody|
This technique has proven very useful whenever there has been a need for assigning permissions, for example, that correspond to access rights for learner records. These might be used to control access to portal pages or sites. What we do in ZIAD is the following:
By following these rules, these benefits are seen:
This technique isn't ZIAD-specific, but because ZIAD is business-rules based, it makes it easier to implement something like this.
The SharePoint SIF agent works with Windows SharePoint Services, the free add-on portal package that comes with Microsoft Windows Server. The initial motivation behind creating this agent was to be able to replace learner's home directories, giving them personal web sites instead. As it matured and people began to understand how it worked and how simple it was to configure, other ideas developed. For example, you can have sites for:
- Learners, where they create personal work such as reports, presentations and electronic artwork. This site is created either at the beginning of the school year or when the learner enters the school. Having this site, for the most part, reduces or eliminates the need for a home directory. Files are stored in document libraries in the site. One (very large) place to backup, one backup file to manage.
- Teachers, for their personal information and for the information they share with other teachers. This can contain everything from lesson plans to contact information and links to each of the learner pages for those assigned to classes that this teacher teaches.
- Sections of courses (School Groups), that would contain current information for the subject or subjects being taught, including homework assignments, a place to submit work, and links that might help learners. This site would be maintained by the classroom teacher and would be linked to by each of the student sites as well as the teacher sites.
- Parents, as a place where they can find information about their children's school work, what's happening at the school or how to help their children with their homework. Each parent would have an individual site (two parents would not normally share a site) that would stay with that parent regardless of how many children attended in the district (LA, RBC) and the privacy requirements needed even if parents got divorced and remarried would be enforced by having the site's permissions tied to Active Directory Learner Personal Groups (see above).
- Lerner Portfolios, that are created when a learner first enters the school (or district) and continues to exist until the learner leaves. This site becomes a repository for work collected during those years (papers, presentations, etc.) and has folders for each school year's work.
Sample Learner Site
The agent itself works with SharePoint templates. To make it work, the educational organization needs to create or adopt a set of templates that fit the requirements of the learner, teacher and parent audiences. The SIF agent's configuration is then set to point to them and have them associated with the set of rules that will do things with them when certain SIF events occur. Things that the SIF agent is capable of doing includes:
- Creating a new site from a template when the agent receives a new Learner, Teacher or Parent event is received, move the site to a new school if an Enrollment Change is received
- Adding an item to a list in a web part corresponding to an element in a SIF message that is received. A certain amount of information will also be required in the same message in order for the agent to be able to find that list. Alternatively, Deleting that list Item.
- Adding a web part to a page when a certain SIF message is received. As with the previous, enough information must be present in the received object to track down that page.
With these primitives and a flexible, powerful SIF rules engine, ZIPortal can easily manage hundreds of thousands of SharePoint sites and keep them synchronized with student, teacher and parent populations that are managed in the Student Information Systems (Management Information Systems).
SIF Agent Runtime + Plug-Ins + SIF Agent User Community
So now, having this unique design available allows us to try something new for SIF that others have been doing with video games, CD players and other types of software for years — turn the distribution model upside down.
Although it might not appear too significant at first, what this facility allows us to do is to change the way we distribute these SIF agents. As mentioned earlier, the XML file that was saved in the designer can be given to someone who has a ZIAgent Runtime Edition. The Runtime Edition looks very much like the Designer Edition except it is missing some of the menu items that allow users to create new agents:
ZIAgent Runtime Edition (fewer menu items)
…but it does include options to import a configuration created by someone else, reset server-related information, enter local translation information and provides full access to auditing trails — all the things you would need as a SIF agent user. As to distributing and supporting agents, we now have multiple options:
- Distribute the ZIAgent Runtime paired with a specific configuration as before, bundle it with support and charge using one of any number of methods (per learner, per year or per server, and so on…), or…
- License the ZIAgent Runtime separately and create a type of license where the SIF agent configurations that we make available under this license would be freely available to ZIAgent Runtime licensee
- This pool of agents that will initially be included are the current Visual Software Moodle, Active Directory and SharePoint SIF agents (UK editions)
- ZIAgent Runtime licenses will be available at a very low cost to schools and bulk licenses will be made available to Local Authorities and Regional Broadband Consortia that will cover all schools in the LA or RBC
- Support will be made available as needed on an hourly basis (through Visual Software or though approved integration partners) or through a community web site that will be added as a branch of this web site
- The agents can be modified in their XML form (we will post documentation) or by organizations who license the ZIAgent Designer (The designer will give then all the web-based tools to configure agents). Those organizations with the ZIAgent designer will be able to create and "donate" SIF agents into the pool of SIF agents, but only those who have licensed ZIAgent Runtime licenses will be able to get to the part of the web site where the library of SIF agents will be stored.
We've been offering the full service option described as the first alternative for years. We will continue to do so for those who prefer everything included in a single price — product and service.