Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66337

Admin control of user information passed via LTI lis_person_sourcedid field

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.7
    • Fix Version/s: None
    • Labels:
    • Affected Branches:
      MOODLE_37_STABLE

      Description

      In concern for user information privacy, we had to switch sending private user's IDNUMBER to an external LTI tool provider, that was passed via the LTI 'lis_person_sourcedid' field, with the USERID, which is less of a privacy issue.

      https://github.com/moodle/moodle/blob/master/mod/lti/locallib.php#L818

      In most cases, this information is not actually needed by the LTI tool provider, for providing proper services, and due to our country's law and regulation restrictions, related to passing private user's IDNUMBER to 3rd party services, we had to convert it into $USER->id, just in case one of the LTI tool providers need that information to be unique for each user, although it is also passed via the 'user_id' LTI field.

      It might be also a GDPR issue, but I am not sure, as I am not an expert on this.

       

      Suggestion:

      Add an admin UI setting for choosing the information sent via the LTI lis_person_sourcedid field:

      • None
      • USER->IDNUMBER
      • USER->ID
      • HASH(USER->IDNUMBER)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              nadavkav Nadav Kavalerchik
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 10 minutes
                  10m