Hub registration on hub directory

tables

on the hub server we have a class named hub_site_directory containg all registered sites :

Name	Type	Description
id	int	Standard autoincrement
name	varchar	Name of the site
description	text	Description of the site
url	varchar	The full URL to the site front page
token	varchar	The token used to call the site
trusted	int	Is the site trusted?
language	varchar	What is the primary language of this site? (blank for multilanguage)
timeregistered	int	Time that the site was first registered
timemodified	int	Time that the site was last modified
contactname	varchar	Name of the contact person
contactemail	varchar	Email of the contact person
contactphone	varchar	Phone of the contact person
contactable	int	can we contact the person
imageurl	varchar	site logo url
visible	int	is site visible (i.e. enable field)
prioritise	int	is this site prioritised
countrycode	varchar	country code ISO 3166
regioncode	varchar	region code ISO 3166-2
street	varchar	street
geolocation	varchar	lattitude and longitute (like in googlemap/twitter)
moodleversion	varchar	Moodle version
moodlerelease	varchar	Moodle releasel
ip	varchar	last IP of this site
courses	int	Number of courses on this site
users	int	Number of users on this site
enrolments	int	Number of enrolments on this site
resources	int	Number of resources on this site
questions	int	Number of questions on this site
modulenumberaverage	int	Module number average on this site
participantnumberaverage	int	NParticipant number average on this site
emailalert	int	Do we send email notification
privacy	varchar	"public"/"private"
posts	int	Number of posts on this site

communication

security design

Site registration on a hub server

tables

communication

security design

Course publication

tables

communication

security design

Operations

Following the different communication operations expected between Moodle.org, hub servers and Moodle site.

Moodle site and Hub server

Moodle.org Hub directory and (Moodle.org) Hub server

Moodle site and Moodle.org Hub directory

Method

We are going to use web service. However we create a new /hub/webservice.php entry point, that will by pass $CFG->enablewebservice and consider a protocol as activated.

Site/Hub Registration operations

1. The site/hub creates a specific ws user, a specific ws role, a specific ws service and a specific token.
2. The site/hub sends by POST the web service token to the hub server/hub directory.
3. The hub server/hub directory creates a specific ws user, a specific ws role, a specific ws service and a specific token.
4. The hub server/hub directory calls the web service function: confirm_registration($thisisyourtokentocallme).
5. Finally the hub server/hub directory calls the web service call get_info function for its first time

Unknown caller operations

the hub/webservice.php entry point should by pass token authentication for this specific listed function

Operation list

• global search
• search courses on a hub
• site user rating (TBD)
• site user comment (TBD)
• get hub list from the hub directory

Other operations

The site/hub server/directory should all have specific token to talk to each other.

Security

Disable generated service and token

the security problems: somebody uses the hub access to execute other functions (either bug in moodle or admin misconfiguration); somebody uses normal services to execute hub function (site misconfiguration)
Solution: generated service and token should not be usable through normal /webservice/ entry points. Administration should not list the generated service and token. Cannot create a service with hub function.

Hacking testing

1. hack client sites and updated the hub info with spam
2. hack the hub and then tried to attack all client sites - probably some exploit of older version, or at least get as much emails and personal data from all sites

Note

• we need an option on settings page that:

1. delete previous user,role,service,and token.
2. Then the site rebuilds them.
3. The site would just call a ws function confirm_registration($thisisyourtokentocallme) on the hub server/hub directory.

• we need to decide which ws protocol the community hub will use

New Roles

Moodle.org Hub list

"Public Directory User" - Role for any sites :

• moodle/hubs:view (public token for any sites) for searching the global listing

"Directory User" - Role for hub to update the listing:

• moodle/hubs:updateinfo (private token for any registered hub) for updating hub information (it creates a new private token different from the one used to call this function)

Hub server

Will have one new user per registered site, plus one for Moodle.org hub directory and one for pubic users.

"Public Hub User" - Role for any site (public token)

• moodle/hub:view for course searches
• moodle/hub:rate for rating a course
• moodle/hub:comment for commenting a course
• moodle/hub:download for downloading a course template

"Registered Hub User" - Role for registered sites (private token -> each site gets a private user)

• moodle/hub:view for course searches
• moodle/hub:rate for rating a course
• moodle/hub:comment for commenting a course
• moodle/hub:download for downloading a course template
• moodle/hub:publish for publishing a course template
• moodle/hub:updateinfo (private token for any registered site) for updating site information (it creates a new private token different from the one used to call this function)

"Moodle.org Hub Directory" - Role for Moodle.org Hub Directory (private token)

• moodle/hub:viewinfo for getting hub information
• moodle/hub:view for getting course information
• moodle/hub:confirmhubregistration confirm the registration

Registered Site

Will have one new user for every hub it registers with.

"Hub User" - Role for Hub (private token)

• moodle/hub:registerinfo for getting site information
• moodle/hub:registercourses for getting course listing
• moodle/hub:confirmsiteregistration confirm the registration

New Services

We will have one hidden service per role. Following their name:

Moodle.org Hub list

the following service will exist only on Moodle.org Hub directory

"Hub directory public site":

• global search function

"Hub directory hub server":

• update info function

Hub server

the following services will exist on any Moodle site (but disabled till a first token is linked to it)

"Public site":

• course searches function
• rating a course function
• commenting a course function
• downloading a course template function

"Registered site"

• course searches function
• rating a course function
• commenting a course function
• downloading a course template function
• publishing a course template function
• update info function

"Hub directory"

• getting hub information function
• getting course information function
• confirm the hub registration function

Registered Site

the following service will exist on any Moodle site (but disabled till a first token is linked to it)

"Hub server"

• getting site information function
• getting course listing function
• confirm the site registration function

New Users

Moodle.org Hub list

A user is be linked to one role only and one service only

"Public sites": they all use the same public_directory_user user.

• His role is 'Public Directory User'
• His service is 'Hub directory public site'

"Hub servers": they all have their own $huburl."_directory_hub_user" user.

• Their role is 'Directory user'
• Their service is 'Hub directory hub server'

Hub server

"Public sites": they all use the same 'public_hub_user' user.

• His role is 'Public Hub User'
• His service is 'Public site'

"Registered sites": they all have their own $siteurl.'_registered_site_user' user.

• Their role is 'Registered Hub User'.
• Their service is 'Registered site'.

"Hub directory": they use their own $hubdirectoryurl.'_directory_user' (in case the hub directory change his url)

• Their role is 'Moodle.org Hub Directory'.
• Their service is 'Hub directory'.

Registered Site

"Hub servers": they all have their own $huburl.'_hub_user' user

• Their role is 'Hub User'
• Their service is 'Hub server'

See also

• Community hub