[school-discuss] Thoughts on XML data interchange

[Tonnesen Steve <tonnesen@cmsd.bc.ca>]

Here are some of my thoughts on XML data interchange

Authentication is necessary.  This could be of several forms ranging from
PGP encrypted messages, to PGP signed messages, or even visual
identification of the user who is delivering the floppy disk with the file
on it.  It may be necessary to authenticate both users _and_ applications.
For example, the library program may be authorized to get a list of all
users in  a school, along with information about fees owed at the main
office, while a gradebook program being run by Mr. Jones will only be
allowed to access the classes which Mr. Jones teaches.

It would be nice if an "organization" could specify applications that are
authoritative for particular pieces of information.  This means that if
any application wants to retrieve or update information on a particular
object, it must send a message to the application that is authoritative
for that object.  The authoritative application could then determine if
the application requesting/updating the data is authorized to do so.

Examples of this:  The Student Information System might be authoritative
for student demographics, while the district payroll systems may be
authoritative for teacher demographics.  The library system would be
authoritative for library holdings, patron issues and overdues.  The
teacher gradebook application might be authoritative for Mr. Jones'
assignment marks, while the Student Information System might be
authoritative for final grades and report card comments.

An "organization" might be a department, school, district, government body
(the government body might be authoritative for standardized exam results
and graduation marks).


Steve.