Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] Hello from Duke

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] Hello from Duke

Chronological Thread 
  • From: "GW Brown, Information Systems and Computing" <>
  • To: Shilen Patel <>, Tom Barton <>
  • Cc:
  • Subject: Re: [grouper-dev] Hello from Duke
  • Date: Mon, 09 Jul 2007 09:25:44 +0100

--On 08 July 2007 12:14 -0400 Shilen Patel

Are there users that *should* be able to see FERPA protected data as
well? Ie, is it just a function of the data, or of the combination of
the data and the user viewing the data? Or other context in which the
data is read, like during a provisioning run vs. in a UI session?
It would be helpful if it was a function of the data and the user viewing
the data. Right now when we send data to services (either with a feed or
an ldap account), we usually determine if the services can view FERPA
protected data on a per service basis. So one service may be able to
view the private data while another service may not. It seems reasonable
for Grouper to support a similar functionality. For instance there can
be a group of subjects in Grouper that have access to the FERPA protected
data. In our case, the subjects would likely be service accounts. If
this functionality is built into the API instead of just in the UI, then
this would also work if we want to have services access Grouper data via
a web service. What thoughts to other people have?
We've talked in the past about making the subject id of the current GrouperSession available to Subject API calls. This would allow the SourceAdapter or the backend system to 'veto' or modify results. In principle, a local subclass of JNDISourceAdapter could be written which would return 'Anonymous user' and 'hide' other attributes. We would still need to pass a subject id around...


GW Brown, Information Systems and Computing

Archive powered by MHonArc 2.6.16.

Top of Page