Grouper Developers Forum

["GW Brown, Information Systems and Computing" <>]

--On 08 July 2007 12:14 -0400 Shilen Patel 
<>
 wrote:

> > Are there users that *should* be able to see FERPA protected data as
> > well? Ie, is it just a function of the data, or of the combination of
> > the data and the user viewing the data? Or other context in which the
> > data is read, like during a provisioning run vs. in a UI session?
> It would be helpful if it was a function of the data and the user viewing
> the data.  Right now when we send data to services (either with a feed or
> an ldap account), we usually determine if the services can view FERPA
> protected data on a per service basis.  So one service may be able to
> view the private data while another service may not.  It seems reasonable
> for Grouper to support a similar functionality.  For instance there can
> be a group of subjects in Grouper that have access to the FERPA protected
> data.  In our case, the subjects would likely be service accounts.  If
> this functionality is built into the API instead of just in the UI, then
> this would also work if we want to have services access Grouper data via
> a web service.  What thoughts to other people have?
We've talked in the past about making the subject id of the current 
GrouperSession available to Subject API calls. This would allow the 
SourceAdapter or the backend system to 'veto' or modify results. In 
principle, a local subclass of JNDISourceAdapter could be written which 
would return 'Anonymous user' and 'hide' other attributes. We would still 
need to pass a subject id around...

Gary


----------------------
GW Brown, Information Systems and Computing