Authentication and Authorization Provincial Approach to Student Information API

The PASI Core uses Client Certificates for system authentication. Before a PASI client can call any services they must obtain and register a certificate. For details on this process please see:

https://extranet.education.alberta.ca/Ae.CertificateRequest/
Caller Information

On every request sent to the PASI core there is CallerInfo property which must be populated. This information is used to identify information about the calling system for two reasons:

  1. Help to debug any potential software issues (e.g. seeing an error with only a specific version of a PASI client)
  2. Collect which School or School Authority the PASI client is acting on behalf for the service call.

It is important to note the CallerInfo.User.OrganizationCode property is validated. The value passed in must be an organization code the PASI client has been configured to represent (the configuration is done when the PASI client is registered with a certificate). The value should be formatted as follows:

S.XXXX - e.g. S.0982 = School code 0982

A.XXXX - e.g. A.3020 = School Authority 3020

O.#### - e.g. O.1 = Organization 1

If a client has been configured to represent a School Authority any school that reports to the authority is also valid for the client. If the value supplied is not recognized or the PASI client doesn't represent the organization an exception code of 1008 is returned.

The CallerInfo class structure

PASI Client to Student Association

In order for a PASI client to be able to update student data the PASI client must be "associated" to the student base on the Organization Code passed into the CallerInfo. The rules surrounding this association are as follows:

  1. The client represents the School or School Authority listed in the CallerInfo.User.OrganizationCode the student is currently enrolled in.
  2. The client represents the School or School Authority listed in the CallerInfo.User.OrganizationCode the student was last registered (The school has an enrolment record that has ended, but is the mostly recently ended enrolment record (i.e. the student has not yet been enrolled in another Alberta school))
  3. The client represents the School or School Authority listed in the CallerInfo.User.OrganizationCode that created the student if they have never been registered.
  4. The client represents the Ministry of Education (Organization 1)

The different types of association are described by the Organization Association code type. The ExamRegistration type associates the client to the student to enable student personal information updates but is not included in for synchronization of student information via the Student and StudentStatus data notification types (used with the IsDataAvailable service). The following services may be used to update student information when the client has the ExamRegistration association:

  • SubmitStudentAddressRequest
  • SubmitStudentAliasRequest
  • SubmitStudentIdentificationInformationRequest
  • SubmitStudentPreferredMailingAddressRequest
  • SubmitStudentPreferredNameRequest
  • SubmitStudentContactEmailAddressRequest
  • SubmitStudentEmailAddressRequest

For further details on student association please see the PASI Business Overview document. The GetOrganizationAssociation service can be used to help determine what Students a School is associated to.