2019-03-26 Meeting
Notes
Further research on the question of whether security entities should be added to the data model concluded in favor of keeping this data out of that model. Several reasons were cited:
- The Ed-Fi model is not designed to be an authorization store, so adding this data would change its purpose
- In the current school year, it is unclear that SIS systems could contribute this data
- It is unclear for the long term what the use cases actually look like, so designing a new authorization strategy seems premature
Much of the discussion was on the question of what to store. In general, it was proposed that this be a transferable token tied to an API client. Key points of that discussion:
- Namespaces won't work, as they are not transferable
- The token should probably be shorter - maybe 10 characters - so that operations to support clients with that token are simpler. This was described at one point as "human readable"
- There should probably be an n:1 relationship between API clients and tokens, so that a token can be shared by multiple API clients