MSP SIG - May 6, 2022
- Jason Hoekstra
- Ann Su
- Sean Casey
Attendees
| First Name | Last Name | Organization |
| Sean | Casey | Ed-Fi Alliance |
| Patrick | Devanney | ClassLink |
| Alex | Evans | Inteport |
| Jean-Francois | Guertin | EdGraph |
| Jason | Hoekstra | Ed-Fi Alliance |
| Erik | Joranlien | Education Analytics |
| Eshara | Mondal | Education Analytics |
| Jeremy | Perkins | Instructure |
| Andrew | Rice | Education Analytics |
| Mark | TenHoor | Education Analytics |
| Todd | Vaccaro | ClassLink |
| Patrick | Yoho | LandingZone |
Support
Nancy Wilson, Ann Su - Ed-Fi Governance Support
Meeting recording LINK
The meeting was held on 2022-05-06 2:00pm - 3:15pm CT via WebEx
Agenda/Notes
#1 Admin API
The Admin API is a concept that has been signaled by many technical members of the Ed-Fi community, particularly managed service providers that deploy multiple ODS / APIs and toolsets on behalf of states and districts. We've gathered some high-level requirements for an Admin API, with vendor key-secret management and claimset management being top needs. Admin App is a UI-based product that Ed-Fi offers to manage ODS / API instances and contains reviewed business logic for these operations. This business logic will be reused in Admin API as a starter for development, then additional needs will be signaled by Ed-Fi adopters.
- Ed-Fi Technical Designs: Admin API Design
Members provided preliminary input. Instructure has an Admin API now that should be informative - need to document other such member Admin API resources and transformations.
Other asks for features:
- Claim sets and profiles
- Cache and validation to reset cache
- Entity organization
- Impersonation (viewing in real environment)
- Sample data generator
- How to address multiple identities (needs further discussion)
- One identity because it is a system leveler utility - to make admin API less complicated - would want different credentials for each system - one for each use case
- May need one admin for each district or multi-tenancy - further discussion needed
Below is a listing of deliverable details, such as planned roadmap dates, summary of release functionality and links to releases in TechDocs. Release links will expand with tickets and information as design and development of the project continues.
Version | Roadmap Date | Summary of Functionality | Release Link |
Admin App 1.0 | 29 Jul 2022 | ● Establish initial standalone Admin API project reuse existing logic from Admin App ● Functionality to manage via Admin API: ● Applications ● Vendors ● Credentials (keys and secrets) | |
Admin App 1.1 | 28 Oct 2022 | ● Ability to add claim sets via API (may be parent-level only for 1.1) | |
Admin App 1.2+ | TBD | TBD based on additional field requirements as identified |
#2 Ed-Fi Tools Suite (Admin App & Data Import) and SSO/OIDC
As Ed-Fi tools are integrated into portals and environments with existing identity (ID) sources, utilizing these existing identity sources for single-sign on (SSO) experience becomes a top request for applications such as Admin App and Data Import. Many requestors of this capability have Open ID Connect (OIDC) sources they'd like to connect to (including some open source components), as OIDC as available from many providers as a common way to delegate authority for this purpose.
Feedback: Recommendation to let users locally manage rather than having to declare in use of the SSL platform.
Below is a design of delegating authority to trusted 3rd parties within the Ed-Fi tools ecosystem and technical recommendation from reviewing vendor partners for Admin App and Data Import to extend these tools to support Open ID Connect (OIDC):
- Ed-Fi Technical Designs: Single-Sign On Design
