- What is RIC One?
- Who are RIC One customers?
- What problems are we solving?
- What is the solution?
- What are we trying to accomplish?
- How does RIC One API work?
- How secure is RIC One API?
- Who controls the data?
- What is the source and destination for the data?
- What district data is being accessed?
- Where is the data being sent?
- What about vendors that already work with districts to provide data integration?
- How does RIC One, a New York State initiative, align with national standards?
- How does RIC One LOGIN work?
- What protocols are used by the RIC One LOGIN service?
- How can districts connect to the RIC One LOGIN service?
- What is the source of a user’s identity?
- Where is the data being sent?
- What happens if a user account is disabled within a district’s directory?
- Does any specific hardware or software need to be installed to use the RIC One LOGIN service?
- How do new vendors adopt RIC One API and/or RIC One LOGIN?
- Can RIC One work with instructional applications supported by BOCES?
- Who is participating in this service?
- How quickly will RIC One mature?
What is RIC One?
RIC One is a family of services offered by New York State’s Regional Information Centers (RICs) to provide end-to-end, fully automated data integration and single login for applications that students, teachers and administrators use within districts.
Who are RIC One customers?
RIC One customers are school districts in New York State.
What problems are we solving?
Technology is a critically important component of instructional programs and of general district operations. The number of applications districts utilize continues to grow exponentially which is a good thing as it puts more tools in the hands of teachers and staff. According to the Software and Information Industry Association, K-12 software revenue in 2015 was $8.38 billion, up by almost 14% over the previous year. Incredibly, this number does NOT account for free K-12 software which is growing at an even faster pace than paid software.
Application need data from the district’s Student Information System in order to work. Providing this data comes at significant cost (e.g., loading data, maintaining user accounts). To compound this problem, labor costs are largely associated with redundant tasks. Money aside, this redundancy is wasteful of district staff time.
Equally important to reducing costs and making life easier is increasing district control of their data for the sake of Data Privacy. RIC One is fundamentally about district control over where their data goes and who in their district and outside their district gets to see it.
What is the solution?
RIC One eliminates the labor cost and often the financial cost while enabling the rapid deployment of applications. RIC One is a group of centralized services. This means data access can be controlled, data can be integrated between systems and single login can be enabled. All of this eliminates hurdles. It gets the right tools in the hands of teachers and staff when they’re needed while the district maintains control of district data. Data is exchanged locally at each RIC.
What are we trying to accomplish?
RICs are automating the transfer of and access to district data within the custody of local RICs, governed by their districts.
In April 2014, the New York State Legislature passed the Common Core Implementation Reform legislation, Education Law 2c. This law strengthened data protection practices and requirements. The law recognizes the trust districts place in their BOCES and Regional Information Centers (RICs). Over decades RICs and BOCES have supported districts’ State Reporting and student information systems. RIC One automation is distinguished by the control it provides districts at the local level to assure district concerns for data privacy and security are addressed while eliminating labor and simplifying use of software.
In addition to data automation governed by districts, the RICs on a statewide basis will advocate to the vendor community on their districts’ behalf. RICs, acting as “one” can “move the market” and convince software vendors to adopt RIC technology that is more efficient, more secure and more cost-effective for districts.
TECHNICAL QUESTIONS – API
How does RIC One API work?
Districts who want to use the RIC One API work directly with their local Regional Information Centers.
Application vendors complete the review process. Once approved, they develop a web service client to interface with the API and are assigned tokens for their districts. A token is accepted by the API if it originates from the right application, at the right time, for the right district and the right data fields.
How secure is RIC One API?
Data is collected from student information systems by the Data Provider Appliance using either Secure File Transfer Protocol (SFTP) or by SIF encryption. Data is encrypted at rest within the Data Provider Appliance as required by New York Education Law 2d. Data is presented in the API using HTTPS encryption and time-bound tokens.
Additionally, an independent third party security expert evaluates and tests RIC One systems.
Who controls the data?
Districts are in complete control of the data they provide to their vendors. The RIC One Data Provider Appliance, which is essentially a bundle of servers, is deployed to each RIC. It restricts vendor access and ensures vendors only have access to data elements authorized by the district.
What is the source and destination for the data?
The data originates from a district’s Student Information System (SIS) and is made available to vendor applications using a standards-based Application Programming Interface (API) and the Data Provider Appliance. Data is exchanged under district control, in the safe confines of the RICs’ network infrastructure.
What district data is being accessed?
The vendor sees the data they need and nothing more. The data set is similar to that which is required for State Reporting.
Where is the data being sent?
With the permission of the district, the encrypted data is being sent to the application vendor.
What about vendors that already work with districts to provide data integration?
Vendors may have established relationships with school districts, BOCES and RICs across the State. The RIC One service can work with any vendor.
How does RIC One, a New York State initiative, align with national standards?
RIC One API is built on standards to simplify alignment. The API employs web service architecture called REST to move data across the Internet. RIC One also adopted the USDOE Common Educational Data Standard (CEDS) data model. Additionally, RIC One supports application software and student information systems that have adopted SIF, Ed-Fi, and other education data standards.
TECHNICAL QUESTIONS – LOGIN
How does RIC One LOGIN work?
RIC One LOGIN provides end user authentication using local district credentials. Only one authentication is required per browser session to access multiple applications. The Identity Federation controls the linking of a person’s electronic identity information across multiple cloud-based solutions.
What protocols are used by the RIC One LOGIN service?
Initially, SAML 2.0 is the protocol used for the LOGIN service. The oAuth protocol will be incorporated as the service matures. Both protocols are widely used and supported by cloud-based solutions.
How can districts connect to the RIC One LOGIN service?
Districts should contact their local RIC. A member of the RIC One team will work with the local RIC and district to make the necessary connections.
What is the source of a user’s identity?
The data originates from a district’s network directory.
Where is the data being sent?
The identity data is being sent to the application vendor with the permission of the district and the RIC. The vendor receives the data they need and nothing more.
What happens if a user account is disabled within a district’s directory?
Disabling a user account in a district directory will effectively disable the user’s access to all applications connected via the federation. Users will immediately be prevented from accessing applications.
Does any specific hardware or software need to be installed to use the RIC One LOGIN service?
RICs and districts do not need to install any hardware or software to take advantage of the RIC One LOGIN Service. The RIC One LOGIN Service relies on a set of identity federation servers that are centrally hosted.
PARTICIPATION QUESTIONS FOR API and LOGIN
How do new vendors adopt RIC One API and/or RIC One LOGIN?
Application vendors document their support of district compliance with New York Education Law 2d. RIC One API vendors implement a simple API client within their products. For RIC One Login the vendors’ products adopt SAML or oAuth protocols.
Can RIC One work with instructional applications supported by BOCES?
If you are a BOCES and have a vendor that you would like to see adopt RIC One, please have them contact Dr. Madalyn L. Romano (email@example.com).
Who is participating in this service?
School districts and vendors in New York State may elect to participate in either service by contacting their local Regional Information Center.
How quickly will RIC One mature?
In 2015-16, RIC One is going through a controlled release process. The services will be ready for production in the summer of 2016 for the 2016-17 school year.