Re: LUG: The Future of UnWRAP - Fri, 09 Sep 2011 07:02:55 -0400

Subject : Re: LUG: The Future of UnWRAP

From : Matthew Frazier <mlfrazie@ncsu.[redacted]>

Date : Fri, 09 Sep 2011 07:02:55 -0400

On Sep 8, 2011, at 23:29 , Edward Anderson wrote:

> Good luck - I hope it turns out well! Maybe it's because of the policy around it that people haven't ventured into this territory much before (that I'm aware of), but I think it's an incredibly useful idea.
>
> I'm curious to know how FERPA ties into this. Is data considered "student data" that must be protected just because someone uses their unity ID to log into a site? Or is this just a password protection issue?
>
> Edward

If a person has a FERPA privacy block on their account, then their username is considered personal information, and releasing it to an outside party is a federal crime. I know that's kind of ridiculous, but OIT and ITECS are working on deploying a new system called Shibboleth that will allow students to indicate explicitly which information they wish to make available to the external site, which should prevent the FERPA issues (they think).

At any rate, if you have a FERPA privacy block set, you don't show up in the LDAP directory. So, the easiest solution for UnWRAP is to make sure that the person has an account record in LDAP before forwarding on their info. (A later revision of the protocol could also use the LDAP connection to send along their name and email with the username if the site requests it.)

Thanks,
Matthew Frazier
North Carolina State University

Replies :

Re: LUG: The Future of UnWRAP