[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [school-discuss] SIF/XML tools for Data Transfer.

Hi Tom,

> The only question I see with regard to the database in schools deals 
> with security. XML and OpenSSL creates a tunnel. Also, with regard to 
> simultaneous connections, I would want a Certificate of Authority (CA) 
> styled after the Globus Grid.

I would assume that the connection would be HTTPS (provided by Apache
and SSL) to ensure a secure channel for XML exchange. This is what I am
developing for, since it is quite easily done with the perl LWP module.

> I start to wonder if we'll see US Federal standards required at the 
> school level as we're starting to see at the State and Local Government 
> level.  The NCLBA has already demanded a uniform reporting standard. How 
> will states roll-up their testing results from districts with disparate 
> database vocabularies? This evolving digital convergence doesn't seem to 
> be going backwards. IMHO, DC has progressed faster than someone of us 
> thought.  Simple queries and reports in plain text may soon become 
> obsolete.

Yes, they'll become obsolete, replaced by an XML format backed by
schema. XML is the new "plain text".

> Maybe, I'm getting ahead of myself but as students get access to 
> computers in schools, how do we know they won't hack the main databases? 
> Or have someone hack them on their behalf?

By building secure servers with minimal services which only connect to
certain databases, only run on a secure VPN channel between LANs, etc.
The sky is the limit, depending only on your paranoia level and size of
bank account. IMO, paranoia is good. As part of any server
deployment, disaster recovery plans should be in place.

Les Richardson
Open Admin for Schools