Local Education Authorities (LEAs) across the globe are dealing with the issues of managing users across a rapidly increasing number of applications. Many of these applications within the educational enterprise interface directly with learners, parents, and teachers. Each new application requires digital identity and profile data for operational purposes. A significant burden is placed on individual users to manage and secure their login credentials across applications. In many instances, users end up having to remember many user names and passwords and deal with profile information that is not consistent or up to date across the various applications that they access.
There is a great need to provide a standards-based solution for identity management and role-based security within the education industry. While many standards have been developed to solve this problem, there is no common profile within education that suppliers and end users can adopt. The SIFA has been solving issues of interoperability like this for many years. Educational applications built to support the SIF standard can also benefit from a set of profiles developed by SIFA that are targeted at solving the needs of sharing and using digital identities within an educational enterprise.
A software application or system for which access is controlled through the identity management system.
SIF_Events are reported for this object.
Element/@Attribute | Char | CEDS Id/URL | Description | Type
---|---|---|---|---
IdMApplication | | | A software application or system for which access is controlled through the identity management system. |
@RefId | M | | GUID that uniquely identifies an instance of this object. | RefIdType
Name | M | | A short name for the application. | xs:token
URI | M | | The URI of the application. | xs:anyURI
DefaultFunction | M | | A short description of the default or main function of the application. | xs:token
FunctionList | O | | A list of short descriptions of other functions the application performs. | FunctionListType
DefaultIdentityProvider | M | | The RefID of the application that is used as the Identity Provider (i.e., authentication provider) for the framework. | IdRefType
IdentityProviderList | O | | If the application can use multiple Identity Providers (authentication providers) to authenticate the user, for example Google directory service, LDAP, AD, etc., there could be multiple such providers in this list. | IdentityProviderListType
StartDate | O | | Start date of the association of this application to the Identity Provider application. | xs:date
EndDate | O | | End date of the association of this application to the Identity Provider application. | xs:date
SIF_Metadata | O | | | SIF_MetadataType
SIF_ExtendedElements | O | | | SIF_ExtendedElementsType
This object establishes an authentication map between the Organization-User and the Identity Provider (IDP) LoginId. The profile will be used primarily to provision/deprovision users from the SIS/HR systems to the IDP.
SIF_Events are reported for this object.
Element/@Attribute | Char | CEDS Id/URL | Description | Type
---|---|---|---|---
IdMAuthentication | | | This object establishes an authentication map between the Organization-User and the Identity Provider (IDP) LoginId. The profile will be used primarily to provision/deprovision users from the SIS/HR systems to the IDP. |
@RefId | M | | GUID that uniquely identifies an instance of this object. | RefIdType
UserOrganizationAssociationRefId | M | | The RefId for the UserOrganizationAssociation SIF object if the authentication returns “true”. | IdRefType
ApplicationRefId | M | | RefId of the Identity Provider application. | IdRefType
IdentityProviderLoginId | M | | The login for the Organization-User within the Identity Provider application. | xs:token
IdentityProviderType | O | | An enumeration that defines how the authentication can be performed and exchanged. | xs:token
@Codeset | O | | A unique indicator (usually a URL) that points to the codeset used. | xs:token
AuthoritativeSourceId | O | | The RefID of the Authoritative Application creating this association. | IdRefType
StartDate | O | | Start date of the association of this authentication instance to the Identity Provider application. | xs:date
EndDate | O | | End date of the association of this authentication instance to the Identity Provider application. | xs:date
SIF_Metadata | O | | | SIF_MetadataType
SIF_ExtendedElements | O | | | SIF_ExtendedElementsType
This object establishes a role/permission map between the Organization-User and the downstream applications’ roles and permissions. This will be used primarily to provision/deprovision users from the SIS/HR systems to other applications.
SIF_Events are reported for this object.
Element/@Attribute | Char | CEDS Id/URL | Description | Type
---|---|---|---|---
IdMAuthorization | | | This object establishes a role/permission map between the Organization-User and the downstream applications’ roles and permissions. This will be used primarily to provision/deprovision users from the SIS/HR systems to other applications. |
@RefId | M | | GUID that uniquely identifies an instance of this object. | RefIdType
UserOrganizationAssociationRefId | M | | The RefId for the SIF UserOrganizationAssociation object which defines the Organization-User to be authorized. | IdRefType
ApplicationRefId | M | | RefId of the Identity Provider application. | IdRefType
ApplicationFunction | O | | The role for the OrganizationUser to be assigned for the target application. The consuming application must be able to honor such role. | xs:token
AuthoritativeSourceId | O | | The RefID of the Authoritative Application creating this association. | IdRefType
StartDate | O | | Start date of the association of this authorization instance to the Identity Provider application. | xs:date
EndDate | O | | End date of the association of this authorization instance to the Identity Provider application. | xs:date
SIF_Metadata | O | | | SIF_MetadataType
SIF_ExtendedElements | O | | | SIF_ExtendedElementsType
This object associates a user of computer software applications to an organization.
SIF_Events are reported for this object.
Element/@Attribute | Char | CEDS Id/URL | Description | Type
---|---|---|---|---
UserOrganizationAssociation | | | This object associates a user of computer software applications to an organization. |
@RefId | M | | GUID that uniquely identifies an instance of this object. | RefIdType
PersonRefId | O | | | UserOrganizationAssociationPersonRefIdType
OrganizationRefId | M | | RefId of the organization. | IdRefType
@SIF_Object | M | | The name of the SIF object that is being referenced by the payload of this element. |
AssociationType | M | | The type of association. For example, if the user is a member of the organization then the type would be Member. | xs:token
AuthoritativeSourceId | O | | The RefID of the Authoritative Application creating this association. | RefIdType
StartDate | O | | Start date of the association. | xs:date
EndDate | O | | End date of the association. | xs:date
SIF_Metadata | O | | | SIF_MetadataType
SIF_ExtendedElements | O | | | SIF_ExtendedElementsType
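
As an added example (not part of the SIF specification), the Python below audits a batch of the four objects above for missing mandatory elements, dangling RefId references, and authentication or authorization maps that are still active after their UserOrganizationAssociation has lapsed, which is the deprovisioning gap these objects exist to close. The `<Batch>` wrapper, the absence of an XML namespace, plain `YYYY-MM-DD` dates with an inclusive window, and all sample values are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import date

# "M" child elements per object, copied from the tables above.
MANDATORY = {
    "IdMApplication": ("Name", "URI", "DefaultFunction", "DefaultIdentityProvider"),
    "IdMAuthentication": ("UserOrganizationAssociationRefId", "ApplicationRefId",
                          "IdentityProviderLoginId"),
    "IdMAuthorization": ("UserOrganizationAssociationRefId", "ApplicationRefId"),
    "UserOrganizationAssociation": ("OrganizationRefId", "AssociationType"),
}
# Reference elements and the object type whose @RefId they must match.
REFS = {"UserOrganizationAssociationRefId": "UserOrganizationAssociation",
        "ApplicationRefId": "IdMApplication"}

# Constructed sample; the <Batch> wrapper and every value are made up.
SAMPLE = """<Batch>
 <IdMApplication RefId="A1"><Name>LMS</Name><URI>https://lms.example</URI>
  <DefaultFunction>Coursework</DefaultFunction><DefaultIdentityProvider>A1</DefaultIdentityProvider></IdMApplication>
 <UserOrganizationAssociation RefId="U1"><OrganizationRefId>O1</OrganizationRefId>
  <AssociationType>Member</AssociationType><EndDate>2024-06-30</EndDate></UserOrganizationAssociation>
 <IdMAuthorization RefId="Z1"><UserOrganizationAssociationRefId>U1</UserOrganizationAssociationRefId>
  <ApplicationRefId>A1</ApplicationRefId><ApplicationFunction>Teacher</ApplicationFunction></IdMAuthorization>
 <IdMAuthentication RefId="N1"><UserOrganizationAssociationRefId>U9</UserOrganizationAssociationRefId>
  <ApplicationRefId>A1</ApplicationRefId></IdMAuthentication>
</Batch>"""

def active(obj, today):
    """Optional StartDate/EndDate window, both ends treated as inclusive (assumption)."""
    start, end = obj.findtext("StartDate"), obj.findtext("EndDate")
    return not ((start and date.fromisoformat(start.strip()) > today)
                or (end and date.fromisoformat(end.strip()) < today))

def audit(xml_text, today):
    """Return sorted (object, RefId, problem) tuples for one batch of objects."""
    # Assumes trusted input; parse untrusted XML with a hardened parser (e.g. defusedxml).
    objs = {(o.tag, o.get("RefId", "")): o for o in ET.fromstring(xml_text) if o.tag in MANDATORY}
    out = []
    for (tag, rid), o in objs.items():
        out += [(tag, rid, f"missing {n}") for n in MANDATORY[tag]
                if not (o.findtext(n) or "").strip()]
        for name, target in REFS.items():
            ref = (o.findtext(name) or "").strip()
            dest = objs.get((target, ref))
            if ref and dest is None:
                out.append((tag, rid, f"dangling {name}"))
            elif ref and active(o, today) and not active(dest, today):
                out.append((tag, rid, f"still active but {target} {ref} is not"))
    return sorted(out)
```

Calling `audit(SAMPLE, date(2024, 9, 1))` flags the authorization `Z1` because its association `U1` ended on 2024-06-30 while `Z1` carries no EndDate of its own.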