\label{Domain_Configuration_Trust} Starting with LON-CAPA 2.12, as Domain Coordinator you can set limits on the internal LON-CAPA commands which servers/VMs in your domain will run when responding to data requests sent by LON-CAPA hosts at other institutions in the cluster via Socket-based connections between LON-CAPA nodes. Setting these types of limits for a particular institution only makes sense if you also disallow session hosting of your domain's users on LON-CAPA hosts at that same (remote) institution. See the User Session Hosting section \ref{Domain_Configuration_User_Sessions}) for details. If a LON-CAPA server is part of a cluster in which there is a only a single domain, or multiple domains but only a single library server, then options to configure domain trust relationships are unavailable, as they do not make sense in this context. For all nine limits there are two types of restriction: ``Allow all, but exclude specific domains'' or ``Deny all, but include specific domains''. In both cases the options are (a) for the restriction to be in use, or (b) not be in use (the default). If in use, then checkboxes can be checked for any ``internet domains'' for which the restriction is to apply. Internet domains encompass all servers at a particular institution, and also any aliases used on a multiple domain server. For example, there is a single internet domain for educog.com. Constraints for that internet domain will apply to all *.educog.com servers, as well as all domains on the multi-domain educog server. On a multiple domain server, session hosting constraints are defined in a single domain - the default domain included in the loncapa.conf file (e.g., the ``author'' domain for ``educog.com''). Default domain configurations can be assigned for: \begin{itemize} \item \textbf{Access to this domain's content by others} Although individual authors in your domain can set highly granular rights of use for their content, as Domain Coordinator you can configure a domain trust setting for access from other specified institutions to any content published by your domain's authors, \item \textbf{Access to other domain's content by this domain} Although individual authors in other domains can set highly granular rights of use for their content, which can apply to access by your domain's users, as Domain Coordinator you can configure a domain trust setting for access to content belonging to other institutions. \item \textbf{Enrollment in this domain's courses by others} By default, a Course Coordinator can enroll users in any other domain into a course. However, as a Domain Coordinator you can configure a domain trust setting to control which other institutions may have their users enrolled. If you set a restriction of this type, but a user from one of the prohibited institutions needs to be part of a course in your domain, you could create a new user account in your own domain for that particular user. \item \textbf{Co-author roles in this domain for others} By default an Author can assign co-author roles to users in any other domain. However, as a Domain Coordinator you can configure a domain trust setting to control which other institutions may have their users assigned co-author roles for Authoring Spaces in your domain. If you set a restriction of this type, but a user from one of the prohibited institutions needs to be a co-author you could create a new user account in your own domain for that particular user. \item \textbf{Co-author roles for this domain's users elsewhere} By default an Author in another domain can assign a co-author role to users in your domain. However, as a Domain Coordinator you can configure a domain trust setting to control which other institutions may assign co-author roles for Authoring Spaces in their domains to your users. If you set a restriction of this type, but one of your users needs to be a co-author for an authoring space at one of the prohibited institutions, the author there could create a new user account in that domain for your user, and assign a co-author role to it. \item \textbf{Domain roles in this domain assignable to others} By default a Domain Coordinator can assign certain domain roles for your domain (Librarian, Domain Guest, and Bubblesheet Scanning Operator) to users from other domains. In addition a user with the Super User role can assign a Domain Coordinator role for your domain to users from other domains. As Domain Coordinator you can configure a domain trust setting to control which other institutions may have their users assigned domain roles in your domain. If you set a restriction of this type, but a user from one of the prohibited institutions needs a domain role in your domain you could create a new user account in your own domain for that particular user. \item \textbf{Course catalog for this domain displayed elsewhere} By default another domain can display the course catalog for your domain, although there is a domain configuration to determine whether the catalog is only accessible to authenticated users. As Domain Coordinator you can configure a domain trust setting to control which other institutions can access course catalog information for your domain. \item \textbf{Requests for creation of courses in this domain by others} By default a Domain Coordinator can assign the right to request courses in the domain to users from other domains. As Domain Coordinator you can configure a domain trust setting to control which other institutions may have their users receive the right to request courses in your domain. \item \textbf{Users in other domains can send messages to this domain} By default a user can send a LON-CAPA message to any other LON-CAPA user, by entering the intended recipient's username and domain. As Domain Coordinator you can configure a domain trust setting to control which other institutions' users may send LON-CAPA messages to users in your domain. \end{itemize} \textbf{Important Note:} LON-CAPA is designed to foster sharing of educational resources both within an institution, and between institutions, and in addition the LON-CAPA philosophy is to empower educators to determine who has access to the content they create. Setting configurations at the domain level for the first two items: (a) Access to this domain's content by others, and (b) Access to other domain's content by this domain runs counter to that philosophy. However, this functionality is provided to support membership of the LON-CAPA network by institutions which have policies that require more restrictive rules than is the case for the default set-up for a LON-CAPA domain.