File:  [LON-CAPA] / loncom / html / adm / help / tex / Domain_Configuration_Trust.tex
Revision 1.2: download - view: text, annotated - select for diffs
Sat Dec 22 15:33:32 2018 UTC (5 years, 10 months ago) by raeburn
Branches: MAIN
CVS tags: version_2_12_X, HEAD
- Typo in documentation

\label{Domain_Configuration_Trust}
Starting with LON-CAPA 2.12, as Domain Coordinator you can set limits
on the internal LON-CAPA commands which servers/VMs in your domain will 
run when responding to data requests sent by LON-CAPA hosts at other
institutions in the cluster via Socket-based connections between 
LON-CAPA nodes.

Setting these types of limits for a particular institution only makes 
sense if you also disallow session hosting of your domain's users on
LON-CAPA hosts at that same (remote) institution. See the User Session 
Hosting section \ref{Domain_Configuration_User_Sessions}) for details.

If a LON-CAPA server is part of a cluster in which there is a only a 
single domain, or multiple domains but only a single library server,
then options to configure domain trust relationships are unavailable, 
as they do not make sense in this context.

For all nine limits there are two types of restriction: ``Allow all, but exclude 
specific domains'' or ``Deny all, but include specific domains''.  In both 
cases the options are (a) for the restriction to be in use, or (b) not be in 
use (the default).

If in use, then checkboxes can be checked for any ``internet domains'' 
for which the restriction is to apply. Internet domains encompass all servers at a 
particular institution, and also any aliases used on a multiple domain server.

For example, there is a single internet domain for educog.com.  Constraints 
for that internet domain will apply to all *.educog.com servers, as well as 
all domains on the multi-domain educog server.  On a multiple domain server, 
session hosting constraints are defined in a single domain - the default domain 
included in the loncapa.conf file (e.g., the ``author'' domain for ``educog.com'').

Default domain configurations can be assigned for:

\begin{itemize}
\item \textbf{Access to this domain's content by others}

Although individual authors in your domain can set highly granular rights of 
use for their content, as Domain Coordinator you can configure a domain trust
setting for access from other specified institutions to any content published 
by your domain's authors, 


\item \textbf{Access to other domain's content by this domain}

Although individual authors in other domains can set highly granular rights
of use for their content, which can apply to access by your domain's users,
as Domain Coordinator you can configure a domain trust setting for access to
content belonging to other institutions.


\item \textbf{Enrollment in this domain's courses by others}

By default, a Course Coordinator can enroll users in any other domain into a 
course.  However, as a Domain Coordinator you can configure a domain trust
setting to control which other institutions may have their users enrolled.
If you set a restriction of this type, but a user from one of the prohibited 
institutions needs to be part of a course in your domain, you could create
a new user account in your own domain for that particular user.


\item \textbf{Co-author roles in this domain for others}

By default an Author can assign co-author roles to users in any other domain.
However, as a Domain Coordinator you can configure a domain trust setting
to control which other institutions may have their users assigned co-author
roles for Authoring Spaces in your domain. If you set a restriction of this 
type, but a user from one of the prohibited institutions needs to be a co-author
you could create a new user account in your own domain for that particular 
user.


\item \textbf{Co-author roles for this domain's users elsewhere}

By default an Author in another domain can assign a co-author role to users
in your domain. However, as a Domain Coordinator you can configure a domain 
trust setting to control which other institutions may assign co-author roles
for Authoring Spaces in their domains to your users.  If you set a restriction 
of this type, but one of your users needs to be a co-author for an authoring
space at one of the prohibited institutions, the author there could create a
new user account in that domain for your user, and assign a co-author role to it.


\item \textbf{Domain roles in this domain assignable to others}

By default a Domain Coordinator can assign certain domain roles for your domain
(Librarian, Domain Guest, and Bubblesheet Scanning Operator) to users from 
other domains. In addition a user with the Super User role can assign a 
Domain Coordinator role for your domain to users from other domains.

As Domain Coordinator you can configure a domain trust setting to control
which other institutions may have their users assigned domain roles in 
your domain.  If you set a restriction of this type, but a user from one of the 
prohibited institutions needs a domain role in your domain you could create a 
new user account in your own domain for that particular user.


\item \textbf{Course catalog for this domain displayed elsewhere}

By default another domain can display the course catalog for your domain,
although there is a domain configuration to determine whether the catalog 
is only accessible to authenticated users. As Domain Coordinator you can 
configure a domain trust setting to control which other institutions can 
access course catalog information for your domain.


\item \textbf{Requests for creation of courses in this domain by others}

By default a Domain Coordinator can assign the right to request courses in
the domain to users from other domains. As Domain Coordinator you can configure 
a domain trust setting to control which other institutions may have their users
receive the right to request courses in your domain.


\item \textbf{Users in other domains can send messages to this domain}

By default a user can send a LON-CAPA message to any other LON-CAPA user, by
entering the intended recipient's username and domain. As Domain Coordinator
you can configure a domain trust setting to control which other institutions'
users may send LON-CAPA messages to users in your domain.

\end{itemize}


\textbf{Important Note:} 
LON-CAPA is designed to foster sharing of educational resources both
within an institution, and between institutions, and in addition the LON-CAPA
philosophy is to empower educators to determine who has access to the content
they create.  Setting configurations at the domain level for the first two items:
(a) Access to this domain's content by others, and (b) Access to other domain's 
content by this domain runs counter to that philosophy.  However, this 
functionality is provided to support membership of the LON-CAPA network by
institutions which have policies that require more restrictive rules than is
the case for the default set-up for a LON-CAPA domain.

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>