Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Caliper session profile, and Sessions, should support proxied sessions, "actual user" #548

Open
ViktorHaag opened this issue Mar 19, 2020 · 0 comments
Labels
Post 1.2 items to review after 1.2 release Proposal

Comments

@ViktorHaag
Copy link
Contributor

We should explicitly make room for events where the actor of a Session Event is manipulating a Session who's user is some other user (that is the Event's actor is User A, but Session.user is User B). This would allow us to talk about these use cases:

  • users being logged out by daemons or administrators, and distinguishing those cases from a user logging themselves out
  • users being "impersonated", or proxied, by another user (this is a common LMS use-case: "instructor impersonates student in order to submit quizzes left unsubmitted on student's behalf" and similar things).

In order to support these cases, I propose we do two things:

  • explicitly describe as possible SessionEvent.actor being different to the event's contained Session.user; as far as I can see, this might be allowed right now because I'm not sure we forbid it; but we don't say anything about it.
  • put a new property on Session called actualUser: the Session.user field identifies the "logged in user" that "owns" the session (i.e when the system is checking ownership of objects, or permissions, etc, then it treats the session as "being" Session.user); if there is another user behind the session who's proxying "as User B", then the Session.actualUser field captures that -- note this aligns in general with the limited support that LTI has for this concept.
@ViktorHaag ViktorHaag changed the title Caliper session profile, and Sessions, should support proxied sessions Caliper session profile, and Sessions, should support proxied sessions, "actual user" Mar 19, 2020
@ViktorHaag ViktorHaag added Post 1.2 items to review after 1.2 release Proposal labels Mar 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Post 1.2 items to review after 1.2 release Proposal
Projects
None yet
Development

No branches or pull requests

1 participant