Annotation of loncom/html/adm/help/tex/Domain_Configuration_Trust.tex, revision 1.1
1.1 ! raeburn 1: \label{Domain_Configuration_Trust}
! 2: Starting with LON-CAPA 2.12, as Domain Coordinator you can set limits
! 3: on the internal LON-CAPA commands which servers/VMs in your domain will
! 4: run when responding to data requests sent by LON-CAPA hosts at other
! 5: institutions in the cluster via Socket-based connections between
! 6: LON-CAPA nodes.
! 7:
! 8: Setting these types of limits for a particular institution only makes
! 9: sense if you also disallow session hosting of your domain's users on
! 10: LON-CAPA hosts at that same (remote) institution. See the User Session
! 11: Hosting section \ref{Domain_Configuration_User_Sessions}) for details.
! 12:
! 13: If a LON-CAPA server is part of a cluster in which there is a only a
! 14: single domain, or multiple domains but only a single library server,
! 15: then options to configure domain trust relationships are unavailable,
! 16: as they do not make sense in this context.
! 17:
! 18: For all nine limits there are two types of restriction: ``Allow all, but exclude
! 19: specific domains'' or ``Deny all, but include specific domains''. In both
! 20: cases the options are (a) for the restriction to be in use, or (b) not be in
! 21: use (the default).
! 22:
! 23: If in use, then checkboxes can be checked for any ``internet domains''
! 24: for which the restriction is to apply. Internet domains encompass all servers at a
! 25: particular institution, and also any aliases used on a multiple domain server.
! 26:
! 27: For example, there is a single internet domain for educog.com. Constraints
! 28: for that internet domain will apply to all *.educog.com servers, as well as
! 29: all domains on the multi-domain educog server. On a multiple domain server,
! 30: session hosting constraints are defined in a single domain - the default domain
! 31: included in the loncapa.conf file (e.g., the ``author'' domain for ``educog.com'').
! 32:
! 33: Default domain configurations can be assigned for:
! 34:
! 35: \begin{itemize}
! 36: \item \textbf{Access to this domain's content by others}
! 37:
! 38: Although individual authors in your domain can set highly granular rights of
! 39: use for their content, as Domain Coordinator you can configure a domain trust
! 40: setting for access from other specified institutions to any content published
! 41: by your domain's authors,
! 42:
! 43:
! 44: \item \textbf{Access to other domain's content by this domain}
! 45:
! 46: Although individual authors in other domains can set highly granular rights
! 47: of use for their content, which can apply to access by your domain's users,
! 48: as Domain Coordinator you can configure a domain trust setting for access to
! 49: content belonging to other institutions.
! 50:
! 51:
! 52: \item \textbf{Enrollment in this domain's courses by others}
! 53:
! 54: By default, a Course Coordinator can enroll users in any other domain into a
! 55: course. However, as a Domain Coordinator you can configure a domain trust
! 56: setting to control which other institutions may have their users enrolled.
! 57: If you set a restriction of this type, but a user from one of the prohibited
! 58: institutions needs to be part of a course in your domain, you could create
! 59: a new user account in your own domain for that particular user.
! 60:
! 61:
! 62: \item \textbf{Co-author roles in this domain for others}
! 63:
! 64: By default an Author can assign co-author roles to users in any other domain.
! 65: However, as a Domain Coordinator you can configure a domain trust setting
! 66: to control which other institutions may have their users assigned co-author
! 67: roles for Authoring Spaces in your domain. If you set a restriction of this
! 68: type, but a user from one of the prohibited institutions needs to be a co-author
! 69: you could create a new user account in your own domain for that particular
! 70: user.
! 71:
! 72:
! 73: \item \textbf{Co-author roles for this domain's users elsewhere}
! 74:
! 75: By default an Author in another domain can assign a co-author role to users
! 76: in your domain. However, as a Domain Coordinator you can configure a domain
! 77: trust setting to control which other institutions may assign co-author roles
! 78: for Authoring Spaces in their domains to your users. If you set a restriction
! 79: of this type, but one of your users needs to be a co-author for an authoring
! 80: space at one of the prohibited institutions, the author their could create a
! 81: new user account in that domain for your user, and assign a co-author role to it.
! 82:
! 83:
! 84: \item \textbf{Domain roles in this domain assignable to others}
! 85:
! 86: By default a Domain Coordinator can assign certain domain roles for your domain
! 87: (Librarian, Domain Guest, and Bubblesheet Scanning Operator) to users from
! 88: other domains. In addition a user with the Super User role can assign a
! 89: Domain Coordinator role for your domain to users from other domains.
! 90:
! 91: As Domain Coordinator you can configure a domain trust setting to control
! 92: which other institutions may have their users assigned domain roles in
! 93: your domain. If you set a restriction of this type, but a user from one of the
! 94: prohibited institutions needs a domain role in your domain you could create a
! 95: new user account in your own domain for that particular user.
! 96:
! 97:
! 98: \item \textbf{Course catalog for this domain displayed elsewhere}
! 99:
! 100: By default another domain can display the course catalog for your domain,
! 101: although there is a domain configuration to determine whether the catalog
! 102: is only accessible to authenticated users. As Domain Coordinator you can
! 103: configure a domain trust setting to control which other institutions can
! 104: access course catalog information for your domain.
! 105:
! 106:
! 107: \item \textbf{Requests for creation of courses in this domain by others}
! 108:
! 109: By default a Domain Coordinator can assign the right to request courses in
! 110: the domain to users from other domains. As Domain Coordinator you can configure
! 111: a domain trust setting to control which other institutions may have their users
! 112: receive the right to request courses in your domain.
! 113:
! 114:
! 115: \item \textbf{Users in other domains can send messages to this domain}
! 116:
! 117: By default a user can send a LON-CAPA message to any other LON-CAPA user, by
! 118: entering the intended recipient's username and domain. As Domain Coordinator
! 119: you can configure a domain trust setting to control which other institutions'
! 120: users may send LON-CAPA messages to users in your domain.
! 121:
! 122: \end{itemize}
! 123:
! 124:
! 125: \textbf{Important Note:}
! 126: LON-CAPA is designed to foster sharing of educational resources both
! 127: within an institution, and between institutions, and in addition the LON-CAPA
! 128: philosophy is to empower educators to determine who has access to the content
! 129: they create. Setting configurations at the domain level for the first two items:
! 130: (a) Access to this domain's content by others, and (b) Access to other domain's
! 131: content by this domain runs counter to that philosophy. However, this
! 132: functionality is provided to support membership of the LON-CAPA network by
! 133: institutions which have policies that require more restrictive rules than is
! 134: the case for the default set-up for a LON-CAPA domain.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>