andrea chappell, university of waterloo uw on itunesu: authorization
TRANSCRIPT
Andrea Chappell, University of Waterloo
UW on iTunesU: Authorization
CANHEIT | Power Through Collaboration | May 27-30, 2007 | UW on iTunes U – Authorization Set up
UW interests in iTunes U
Communication about UW– Guest lectures, interviews with community professionals– Tours of campus (Library, galleries, etc.)– What’s happening at UW
Courses and training– Podcasts and enhanced podcasts for visual content– Assignment or topic “lead-ins” to arouse interest – Syndication (subscription) a desirable feature
Field guides for courses with “field” components
CANHEIT | Power Through Collaboration | May 27-30, 2007 | UW on iTunes U – Authorization Set up
UW Pilot
Signed contracts with Apple in Fall 2006
Make available to interested parties
Plan to learn from and with them
Warn that this is just a pilot, no guarantees!
CANHEIT | Power Through Collaboration | May 27-30, 2007 | UW on iTunes U – Authorization Set up
Beyond Public Access
Public access is pretty easy.
Restricted access desired for some applications, like courses.– Authentication (login to prove who you are)– Authorization (gaining access to areas based on
“credentials”, such as member of class list)
Also, different access levels for students, prof, TA– Students – download and subscribe– Professor, TA – upload and set-up area
CANHEIT | Power Through Collaboration | May 27-30, 2007 | UW on iTunes U – Authorization Set up
The high level picture
What you can access is determined by:– Access rights set on “UW at iTunes U” areas– Your “credentials”
So, set the access rights and find a mechanism for setting credentials!
CANHEIT | Power Through Collaboration | May 27-30, 2007 | UW on iTunes U – Authorization Set up
Start with the iTunes U scripts
The iTunes U scripts• Start iTunes on client, points to “UW on iTunes U”
Tailor script for local login and to collect credentials for authorization.
Accessing public areas … nothing else needed.
Try to access restricted areas … script points to your authentication mechanism and collects your “credentials” for authorization
CANHEIT | Power Through Collaboration | May 27-30, 2007 | UW on iTunes U – Authorization Set up
iTunes U access rights set-up
Edit each "page" on "UW on iTunes U" to set access rights – E.g., "UWPilot" page available to authenticated users
Edit each course to set access rights– E.g., S07MSCI211 course is available only to the
MSCI211 summer 2007 instructor and class list• Instructor@urn:mace:uwaterloo.ca:UWPilot:S07MSCI211
• Students@urn:mace:uwaterloo.ca:UWPilot:S07MSCI211
– E.g., give instructor upload/edit, students download.
Rights "cascade" from above, overridden below.
CANHEIT | Power Through Collaboration | May 27-30, 2007 | UW on iTunes U – Authorization Set up
Waterloo AuthN and AuthZ
At UW Authentication – points to AD login
Authorization – credentials collection – At UW, two sources:
• AD Groups (query for groups in which you are a member)
• Internal “hard coding” of our modified start-up script for some special cases (like administrators).
– Must generate all credentials at once.
Script passes credentials through to iTunes U.
CANHEIT | Power Through Collaboration | May 27-30, 2007 | UW on iTunes U – Authorization Set up
A tip!
Instead of:Students@urn:mace:uwaterloo.ca:UWPilot:S07MSCI211
we make heavy use of course “label”, ${IDENTIFIER}.
Set the access permission once on the page level:Students@urn:mace:uwaterloo.ca:UWPilot:${IDENTIFIER}
… and because of inheritance, all students can be set to have default download only, likewise, instructors edit/upload. Ta-da!
CANHEIT | Power Through Collaboration | May 27-30, 2007 | UW on iTunes U – Authorization Set up
UW Issues
Class list groups in AD can be automated; need drops/adds automated too.
Managing depopulating/decommissioning groups.
How to add professor, TAs, observers? Still AD groups or iTunes U custom solution?
Who can create groups (AD or other mechanism)?
LMS linkages– How to archive and associate iTunes U content with
course? Maybe not considered core part of course?– Merged course sections … how to handle?
CANHEIT | Power Through Collaboration | May 27-30, 2007 | UW on iTunes U – Authorization Set up
Things to think about
Is authorization important?– If mostly public access, probably not!– If so, how will you create the credentials?– Issues for managing credential groups (who can?, lots
of maintenance).– If mostly for courses, is LMS authZ a better solution?
UW in the midst of Access and Identity Management project– Campus AIM directions?– iTunes U fit into AIM directions?
CANHEIT | Power Through Collaboration | May 27-30, 2007 | UW on iTunes U – Authorization Set up
How to move ahead with AuthZ
MacLearning webcast from 28 March 2007– Examples from universities (Banner & SQL db, Banner
& AD, and Apple engineer)
Collaborate!– Stay in touch about how you are approaching credential
solutions, and “tips” for the rest of us.– [email protected]