
Open Resources

There are a number of software or service components required in the SSO stack to enable the delivery of a uniform identity based on the school's student management records. This architecture is summarised by the following diagram:
[Diagram: IAM Components, taken from the IAM Seminar]

The components form a chain, in the following order:
  • SMS - Student Management System, the primary source of student and teacher identity data
  • UDI - the User Directory Interface: data is passed from the SMS into the school User Directory (AD, LDAP etc.) via software and/or process
  • User Directory - commonly Active Directory (an LDAP-compliant user directory), the primary (technical) source of user authentication, attributes, and access rights
  • IdP Server - a SAML 2.0 based Identity Provider that speaks a common set of protocols and data formats for the secure exchange of identities over the web
  • Consumer services such as myPortfolio, Google Apps, Moodle etc. that have SAML 2.0 connectors integrated for the exchange of identity data
From a school's point of view, in order to participate in the enriched SSO environment, the primary requirement is to integrate the school's identity data with an IdP so that the school can engage with SSO-enabled service providers.
To achieve this, the school needs to be able to reflect the data in the SMS in a timely and accurate manner in the school user directory, and then connect the user directory with a compliant IdP.

It is these core and common tasks that the Ministry of Education has focused resources on to help enable schools to achieve the necessary integration.

Firstly, moving the data from the SMS to the User Directory requires two things:
  • A common data export format and tools from the SMS - the core SMS vendors have been engaged to provide the IDE (Identity Data Extract) export of data
  • A tool set that can take the IDE data and import it into the variable content and structure of school User Directories
The Identity Data Extract format is a common, flexible CSV file format that the SMS can be configured to generate automatically, so that the interface of this data to the User Directory can be automated.

The User Directory Interface is an import tool that can read the IDE data format and flexibly map this data to the school's User Directory.
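The IDE-to-directory step above is where a school's identity data is most at risk of going wrong: a malformed row can end up as a bad directory entry, and an account that the SMS no longer lists must actually lose access for the directory to stay "timely and accurate". The following is an added illustration (not the Ministry's UDI tool, and not the real IDE schema, whose column names are not given on this page): it reads a constructed IDE-style CSV with assumed columns, validates every row before anything touches the directory, and diffs the result against a constructed directory snapshot to produce creates, updates and disables. Accounts missing from the export are disabled rather than deleted, and an export that would disable most of the school is refused, since a truncated or empty file is a far more likely cause than every student leaving at once.

```python
"""Toy User Directory Interface (UDI) step, added for illustration.
Assumed IDE columns: student_id, given_name, family_name, role, year_level, status.
"""
import csv
import io
import re
from dataclasses import dataclass, field

# Constructed sample export: not real data, not the real IDE layout.
SAMPLE_IDE_CSV = """\
student_id,given_name,family_name,role,year_level,status
S1001,Aroha,Ngata,student,9,active
S1002,Ben,Smith,student,10,active
T2001,Mere,Hohepa,teacher,,active
S1003,Chloe,O'Neil,student,11,left
S1005,Emma,Lee-Wong,student,12,active
S1006,Finn,Walker,student,9,active
X9999,Bad; (*,Row,student,9,active
"""

# Constructed snapshot of what the school directory currently holds: uid -> attributes.
CURRENT_DIRECTORY = {
    "s1001": {"givenName": "Aroha", "sn": "Ngata", "employeeType": "student", "enabled": True},
    "s1003": {"givenName": "Chloe", "sn": "O'Neil", "employeeType": "student", "enabled": True},
    "s1004": {"givenName": "Dan", "sn": "Kumar", "employeeType": "student", "enabled": True},
    "s1005": {"givenName": "Emma", "sn": "Lee", "employeeType": "student", "enabled": True},
    "s1006": {"givenName": "Finn", "sn": "Walker", "employeeType": "student", "enabled": True},
}

ID_PATTERN = re.compile(r"^[A-Z][0-9]{4}$")        # assumed identifier shape
NAME_PATTERN = re.compile(r"^[A-Za-z' -]{1,64}$")   # letters, apostrophe, space, hyphen only
ROLES = {"student", "teacher"}


@dataclass
class Plan:
    create: dict = field(default_factory=dict)    # uid -> attributes for a new account
    update: dict = field(default_factory=dict)    # uid -> changed attributes only
    disable: list = field(default_factory=list)   # uids to disable (never delete)
    rejected: list = field(default_factory=list)  # (identifier, reason) for bad rows


def parse_ide(text):
    """Validate IDE rows before anything touches the directory.
    Returns (valid rows keyed by directory uid, rejected rows)."""
    valid, rejected = {}, []
    for row in csv.DictReader(io.StringIO(text)):
        sid = row["student_id"].strip()
        if not ID_PATTERN.match(sid):
            rejected.append((sid, "bad identifier"))
        elif not (NAME_PATTERN.match(row["given_name"]) and NAME_PATTERN.match(row["family_name"])):
            rejected.append((sid, "bad name"))   # keeps odd characters out of LDAP/AD attributes
        elif row["role"] not in ROLES:
            rejected.append((sid, "unknown role"))
        elif sid.lower() in valid:
            rejected.append((sid, "duplicate"))
        else:
            valid[sid.lower()] = {
                "attrs": {"givenName": row["given_name"], "sn": row["family_name"],
                          "employeeType": row["role"]},
                "active": row["status"] == "active",
            }
    return valid, rejected


def plan_changes(ide_rows, directory, max_disable_fraction=0.5):
    """Diff the validated export against the directory snapshot.
    Leavers and accounts absent from the export are disabled, not deleted;
    an export that would disable more than max_disable_fraction of the school aborts."""
    plan = Plan()
    for uid, row in ide_rows.items():
        existing = directory.get(uid)
        if not row["active"]:
            if existing and existing["enabled"]:
                plan.disable.append(uid)
            continue  # never create an account for someone who has left
        if existing is None:
            plan.create[uid] = dict(row["attrs"])
            continue
        changed = {k: v for k, v in row["attrs"].items() if existing.get(k) != v}
        if not existing["enabled"]:
            changed["enabled"] = True  # back in the SMS as active: re-enable
        if changed:
            plan.update[uid] = changed
    for uid, existing in directory.items():
        if uid not in ide_rows and existing["enabled"]:
            plan.disable.append(uid)
    plan.disable.sort()
    if directory and len(plan.disable) / len(directory) > max_disable_fraction:
        raise ValueError(f"refusing to disable {len(plan.disable)} of {len(directory)} "
                         "accounts; check the export before applying it")
    return plan


def build_plan(csv_text, directory):
    """Parse, validate and diff in one step; rejected rows travel with the plan for review."""
    valid, rejected = parse_ide(csv_text)
    plan = plan_changes(valid, directory)
    plan.rejected = rejected
    return plan


if __name__ == "__main__":
    p = build_plan(SAMPLE_IDE_CSV, CURRENT_DIRECTORY)
    print("create:", sorted(p.create), "update:", p.update,
          "disable:", p.disable, "rejected:", p.rejected)
```

Applying the plan to a real directory (LDAP modify operations, AD account control flags) is the part that differs from school to school and is left out here; the point of the example is that validation, the disable-not-delete rule and the sanity threshold all sit in front of that step, so a bad export is caught before it reaches the User Directory and, through it, every SSO-enabled service.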

While there are a number of commercial IAM service providers, there is also a reference implementation of the IdP software (the same software base as the IAM service providers use) that individual schools, loops and co-operatives can implement themselves.

There is a variety of other tools available to assist integration with SimpleSAMLphp (IdP and SP), OpenID, OAuth (e.g. Twitter, Windows Live, Yahoo, Google, LinkedIn, Facebook), Moodle and Mahara.