--Hi guys,
We are writing code in preparation for publishing to the Learning Registry. This is how we’re thinking of populating the publisher, creator, submitter, and signer fields. Publisher and Creator are part of the nsdl_dc schema, which we will be using for publishing. The other fields are part of the LR document.
Use case #1: PBS has made a Mr. Rogers Neighborhood episode available online. John Jones of Timbuktu, Illinois elementary school decides to publish this resource through our web site. We are thinking of assigning publisher, creator, submitter, and signer as follows:
· Publisher: PBS
· Creator: Fred Rogers
· Submitter: Illinois Pathways
· Signer: John Jones
Use case #2: John Jones has left the Timbuktu school district, and Beth Johnson has taken his place. She wants to update the record and does so through our web site. This time publisher, creator, submitter, and signer are:
· Publisher: PBS
· Creator: Fred Rogers
· Submitter: Illinois Pathways
· Signer: Beth Johnson
The reason for doing it this way is that John is no longer around to update the resource, but Beth is. We can trust Beth’s update because though she is a different person, the submitter is the same. This could also work in the case where you have multiple people in an organization submitting resources to LR.
Does this sound like a reasonable approach? Is there any reason why we should not do it this way?
Jerome Grimmer
Southern Illinois University Carbondale
2450 Foundation Drive Suite 100
Springfield, IL
"If you think you're too small to make a difference, you've never spent a night with a mosquito." - An African Proverb
Hi Jerome,Good to hear from you. Since we're working on updates and deletes in LR right now, your email is timely. Adding collaborate list b/c this is only semi-technical and of interest probably to both groups.First off, as a general rule you should be signing documents using a public key that is long lived and well managed. So giving each user a key that they own is probably not great since users will leave and then you can't update their records easily. Most likely the key should be owned/maintained by your website or service and you should publish on behalf of your users. A simple rule might be "keys = websites/organizations." If you want to include identifiers for the users, like a twitter handle or something, we have a "signed on behalf of" approach, which hopefully Jim can detail for you. Not totally worked out but it permits a user identity within the signature from an organization.If you as an organization sign the envelopes, then you don't care if the user leaves, you can still update their records. The big idea is that in LR anyone who controls the private key can update/delete a record signed using that private key.
We may also introduce the ability for node operators to permit "super keys" where someone who publishes updates/deletes signed with a superkey can modify records they don't own. This would be on a node-by-node basis, so there would be no superkeys across the federation.
So my rec is that you manage a single key, and publish user identities in other identity fields in the envelope and then use that key over a long period to update/delete envelopes as needed.
Jim or Walt will chime in if I'm giving bad advice, but I think that's the skinny.Let us know what you think - we're still developing the solution so open to some input (though pretty far along in implementation so some stuff is baked already).SteveOn Wed, Dec 19, 2012 at 8:11 AM, Jerome Grimmer <jgri...@siuccwd.com> wrote:
Hi guys,
We are writing code in preparation for publishing to the Learning Registry. This is how we’re thinking of populating the publisher, creator, submitter, and signer fields. Publisher and Creator are part of the nsdl_dc schema, which we will be using for publishing. The other fields are part of the LR document.
Use case #1: PBS has made a Mr. Rogers Neighborhood episode available online. John Jones of Timbuktu, Illinois elementary school decides to publish this resource through our web site. We are thinking of assigning publisher, creator, submitter, and signer as follows:
· Publisher: PBS
· Creator: Fred Rogers
· Submitter: Illinois Pathways
· Signer: John Jones
Use case #2: John Jones has left the Timbuktu school district, and Beth Johnson has taken his place. She wants to update the record and does so through our web site. This time publisher, creator, submitter, and signer are:
· Publisher: PBS
· Creator: Fred Rogers
· Submitter: Illinois Pathways
· Signer: Beth Johnson
The reason for doing it this way is that John is no longer around to update the resource, but Beth is. We can trust Beth’s update because though she is a different person, the submitter is the same. This could also work in the case where you have multiple people in an organization submitting resources to LR.
Does this sound like a reasonable approach? Is there any reason why we should not do it this way?
Jerome Grimmer
Southern Illinois University Carbondale
2450 Foundation Drive Suite 100
Springfield, IL
"If you think you're too small to make a difference, you've never spent a night with a mosquito." - An African Proverb
--
--
You received this message because you are subscribed to the Google
Groups "Learning Registry: Collaborate" group.
To post: learning-regis...@googlegroups.com
To unsubscribe:learning-registry-collabo...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/learning-registry-collaborate?hl=en?hl=en
I think that will work. Just to check to make sure I have everything straight for the Mr. Rogers Neighborhood episode in my example:· Publisher: PBS· Creator: Fred Rogers· Submitter: Illinois Pathways on behalf of John Jones· Signer: Illinois Pathways· The envelope will be signed with Illinois Pathways’ private key, which can be verified with the Illinois Pathways public key.Then when it’s updated by Beth Johnson (also of Timbuktu, Illinois elementary school), it will be handled this way:· Publisher: PBS· Creator: Fred Rogers· Submitter: Illinois Pathways on behalf of Beth Johnson· Signer: Illinois Pathways· The envelope will be signed with Illinois Pathways’ private key,, which can be verified with the Illinois Pathways public key.Is this how we should be doing it?
Jerome GrimmerSouthern Illinois University Carbondale2450 Foundation Drive Suite 100Springfield, IL
"If you think you're too small to make a difference, you've never spent a night with a mosquito." - An African Proverb
> unsubscribe:learning-registry-collabo...@googlegroups.com
>> For more options, visit this group at> en>>
--You received this message because you are subscribed to the Google Groups "Learning Registry: Collaborate" group.To post: learning-regis...@googlegroups.com
To unsubscribe:learning-registry-collabo...@googlegroups.com
For more options, visit this group at
--
Jim,
I’m actually working remotely today due to the weather. This is also my last day until the new year. I think a short conference call between us IT guys would be a good way to handle this. I’ll bug my team and see if we can have an internal meeting first, then have a short conference call with you to hash this out. Is that agreeable?
Jerome Grimmer
Southern Illinois University Carbondale
2450 Foundation Drive Suite 100
Springfield, IL
"If you think you're too small to make a difference, you've never spent a night with a mosquito." - An African Proverb