Development:Community hub - technical specification: Difference between revisions
Line 57: | Line 57: | ||
*moodle/hubs:view (public token for any sites) for global search | *moodle/hubs:view (public token for any sites) for global search | ||
"Directory User" - Role for | "Directory User" - Role for hub to update the listing: | ||
*moodle/hubs: | *moodle/hubs:updateinfo (private token for any registered hub) for update information (it reset the private token) | ||
==Hub server== | ==Hub server== |
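Review bot: in the added moodle/hubs:updateinfo line, "(it reset the private token)" does not say which side generates the replacement token, how the hub receives it, or whether the old token stops working at once. Since this token is what authorises a hub to change its directory listing, state those three things here, and fix the wording to "for updating information".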
Revision as of 03:12, 27 March 2010
Operations
The following are the different communication operations expected between Moodle.org, hub servers and Moodle sites.
Moodle site and Hub server
Moodle.org Hub directory and (Moodle.org) Hub server
Correction: Moodle.org will not get any template file, just course info (and only if authorised).
Moodle site and Moodle.org Hub directory
Method
We are going to use web services. However, we will create a new /hub/webservice.php entry point that bypasses $CFG->enablewebservice and treats a protocol as activated.
Site/Hub Registration operations
- The site/hub creates a specific ws user, a specific ws role, a specific ws service and a specific token.
- The site/hub sends by POST the web service token to the hub server/hub directory.
- The hub server/hub directory creates a specific ws user, a specific ws role, a specific ws service and a specific token.
- The hub server/hub directory calls the web service function: confirm_registration($thisisyourtokentocallme).
- Finally, the hub server/hub directory calls the get_info web service function for the first time.
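The registration exchange above, modelled as an added example (not Moodle code). The Party class, the method signatures and the rule that every call is authenticated with the token the callee issued are assumptions; only confirm_registration and get_info are named on the page.

```python
import hmac
import secrets


class Party:
    """One end of the exchange: a Moodle site, or a hub server/hub directory."""

    def __init__(self, name):
        self.name = name
        self.issued = {}    # peer name -> token the peer must present to call us
        self.received = {}  # peer name -> token we present when calling the peer

    def issue_token(self, peer_name):
        # Stands in for creating the dedicated ws user, role, service and token.
        token = secrets.token_hex(16)
        self.issued[peer_name] = token
        return token

    def _authenticate(self, caller, presented):
        expected = self.issued.get(caller)
        if expected is None or not hmac.compare_digest(expected, presented):
            raise PermissionError(f"{self.name}: bad token from {caller}")

    # Web service functions exposed to the peer.
    def confirm_registration(self, caller, presented, token_to_call_me):
        self._authenticate(caller, presented)
        self.received[caller] = token_to_call_me
        return True

    def get_info(self, caller, presented):
        self._authenticate(caller, presented)
        return {"name": self.name}


def register(site, hub):
    """Run the five steps in the order listed; return the first get_info result."""
    site_token = site.issue_token(hub.name)   # 1: site creates user/role/service/token
    hub.received[site.name] = site_token      # 2: site POSTs its token to the hub
    hub_token = hub.issue_token(site.name)    # 3: hub creates its own token for the site
    site.confirm_registration(hub.name, site_token, hub_token)  # 4: hub calls the site
    return site.get_info(hub.name, hub.received[site.name])     # 5: first get_info
```

After `register()` each side holds exactly one token issued by the other, so a caller presenting anything else is rejected before `confirm_registration` can overwrite the stored token.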
Unknown caller operations
The hub/webservice.php entry point should bypass token authentication for the specific functions listed below.
Operation list
- global search
- search courses on a hub
- site user rating (TBD)
- site user comment (TBD)
- get hub list from the hub directory
Other operations
The site, hub server and directory should each have a specific token to talk to each other.
Security
Disable generated service and token
The security problems: somebody uses the hub access to execute other functions (either a bug in Moodle or admin misconfiguration); somebody uses normal services to execute hub functions (site misconfiguration).
Solution: the generated service and token should not be usable through the normal /webservice/ entry points. The administration pages should not list the generated service and token. It must not be possible to create a service containing a hub function.
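The entry-point rules from "Unknown caller operations" and "Disable generated service and token", written out as an added example (not Moodle code). All service names, function names and tokens below are constructed for illustration, and `dispatch`, `admin_service_list` and `create_service` are hypothetical helpers.

```python
# Constructed sample data; none of these identifiers come from Moodle.
HUB_FUNCTIONS = {"hub_global_search", "hub_search_courses",
                 "hub_get_hub_list", "hub_publish_course"}
UNKNOWN_CALLER_FUNCTIONS = {"hub_global_search", "hub_search_courses",
                            "hub_get_hub_list"}
SERVICES = {
    # "hidden" marks a service generated by hub registration.
    "Registered site": {"hidden": True,
                        "functions": {"hub_search_courses", "hub_publish_course"}},
    "Mobile app": {"hidden": False, "functions": {"core_get_courses"}},
}
TOKENS = {"tok-hub-1": "Registered site", "tok-app-1": "Mobile app"}


def dispatch(entry_point, function, token=None):
    """Return True if the call may run; raise PermissionError otherwise."""
    if entry_point not in ("/hub/webservice.php", "/webservice/"):
        raise ValueError("unknown entry point")
    on_hub = entry_point == "/hub/webservice.php"
    if on_hub and token is None and function in UNKNOWN_CALLER_FUNCTIONS:
        return True  # listed unknown-caller operation, no token required
    service_name = TOKENS.get(token)
    if service_name is None:
        raise PermissionError("missing or unknown token")
    service = SERVICES[service_name]
    if service["hidden"] != on_hub:
        # Generated tokens only work on the hub entry point, normal ones never do.
        raise PermissionError("token not valid on this entry point")
    if function not in service["functions"]:
        raise PermissionError("function not in the token's service")
    return True


def admin_service_list():
    """Services shown in administration: generated ones are left out."""
    return sorted(name for name, s in SERVICES.items() if not s["hidden"])


def create_service(name, functions):
    """Admin-created services may not contain hub functions."""
    if set(functions) & HUB_FUNCTIONS:
        raise ValueError("hub functions cannot be added to a normal service")
    SERVICES[name] = {"hidden": False, "functions": set(functions)}
```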
Hacking testing
- hack client sites and update the hub info with spam
- hack the hub and then try to attack all client sites - probably some exploit of an older version, or at least get as many emails and as much personal data as possible from all sites
Note
- We need an option on the settings page that:
  - deletes the previous user, role, service and token.
  - Then the site rebuilds them.
  - The site would just call a ws function confirm_registration($thisisyourtokentocallme) on the hub server/hub directory.
- We need to decide which ws protocol the community hub will use.
New Roles
Moodle.org Hub list
"Public Directory User" - Role for sites to search the listing:
- moodle/hubs:view (public token for any sites) for global search
"Directory User" - Role for hub to update the listing:
- moodle/hubs:updateinfo (private token for any registered hub) for updating information (it resets the private token)
Hub server
Will have one new user per registered site, plus one for the Moodle.org hub directory and one for public users.
"Public Hub User" - Role for any site (public token)
- moodle/hub:view for course searches
- moodle/hub:rate for rating a course
- moodle/hub:comment for commenting a course
- moodle/hub:download for downloading a course template
"Registered Hub User" - Role for registered sites (private token -> each site gets a private user)
- moodle/hub:view for course searches
- moodle/hub:rate for rating a course
- moodle/hub:comment for commenting a course
- moodle/hub:download for downloading a course template
- moodle/hub:publish for publishing a course template
"Moodle.org Hub Directory" - Role for Moodle.org Hub Directory (private token)
- moodle/hub:viewinfo for getting hub information
- moodle/hub:view for getting course information
- moodle/hub:confirmhubregistration for confirming the registration
Registered Site
Will have one new user for every hub it registers with.
"Hub User" - Role for Hub (private token)
- moodle/hub:registerinfo for getting site information
- moodle/hub:registercourses for getting course listing
- moodle/hub:confirmsiteregistration for confirming the registration
Services
We will have one hidden service per role. Their names follow:
Moodle.org Hub list
The following services will exist only on the Moodle.org Hub directory:
"Hub directory public site":
- global search function
"Hub server":
- update info function
Hub server
The following services will exist on any Moodle site (but disabled until a first token is linked to them):
"Public site":
- course searches function
- rating a course function
- commenting a course function
- downloading a course template function
"Registered site":
- course searches function
- rating a course function
- commenting a course function
- downloading a course template function
- publishing a course template function
"Hub directory":
- getting hub information function
- getting course information function
- confirm the hub registration function
Registered Site
The following service will exist on any Moodle site (but disabled until a first token is linked to it):
"Hub server":
- getting site information function
- getting course listing function
- confirm the site registration function