mitodl / ol-keycloak

Custom theme and extensions for Keycloak SSO
BSD 3-Clause "New" or "Revised" License

Audit MIT OL profile data across applications - determine synchronization approach #35

Open collinpreston opened 7 months ago

collinpreston commented 7 months ago

User Story

As a learner of any MIT Open Learning application, when I define profile information in one MIT OL application, that profile information should be reused and auto-populated in other MIT OL applications that require that same data.

Description/Context

  1. Audit what attributes comprise learner profiles across all applications.
  2. Determine the best technical solution for synchronizing profile information across all OL applications.
  3. Determine how to enforce validations that conform to existing validations for all OL applications.

collinpreston commented 7 months ago

Audit information is being composed here: https://docs.google.com/spreadsheets/d/12slJzkfccqRmMVMewSrooI_d-rlFqoxheYEBjebt-yQ/edit#gid=0

pdpinch commented 7 months ago

Might be useful to look at the schema for the combined user mart in the data platform.

https://mitodl.github.io/ol-data-platform/#!/model/model.open_learning.marts__combined__users#details

collinpreston commented 7 months ago

Based on the audit of profile data as well as an understanding of how the profile data is being used by applications and our organization, I suggest that the following attributes are shared amongst applications: First Name, Last Name, Full Name, Email, Address, Country, City, State, Zip, Gender, DOB, Highest Level of Education, Company, Job title, Company Size, Industry, Job Function, Years of work experience.

Almost all of these use the same data type and perform the same validations. A few differences between applications were found, such as Gender, for which some applications provide more options than others. In the case of Gender, or any other profile attribute with values that differ between applications, I suggest that we update all applications to support all currently possible values found across our applications.

In order to build the functionality for sharing profile data across applications, I suggest that we utilize our existing Keycloak SCIM extension and integrate a SCIM client into our client applications. With this proposed setup, profile data can be updated in client applications via Keycloak SCIM requests. Clients can update profile data in Keycloak using the Keycloak REST API.

Client applications will need to validate the profile attributes received from Keycloak via SCIM. Keycloak should not be depended upon to validate the profile data received from a client application via SCIM or updated via the Keycloak account forms. The SCIM specification does define some data types which can be used to assist with data integrity between Keycloak and client applications (https://thalesdocs.com/sta/api/scim/scim_attrbts/index.html#scim-core-user-attributes); however, client applications are still expected to perform any more rigorous validations if needed.
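A client-side check of the kind the last comment calls for, as an added example that is not ol-keycloak or MIT OL application code: it parses a SCIM 2.0 User resource such as a Keycloak SCIM extension would deliver and validates the shared attributes locally rather than trusting the IdP to have done so. The custom-schema URN used for gender and DOB, the set of allowed gender values and the length limits are assumptions for illustration.

```python
# Added example (not ol-keycloak or MIT OL application code): validate a SCIM 2.0
# User payload on the client side before applying it to the local profile.
# The custom-schema URN, the gender list and the length limits are assumptions.
import json
import re
from datetime import date

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
OL_EXT = "urn:example:ol:profile:1.0"  # placeholder URN for non-core attributes
GENDERS = {"m", "f", "o", "nb", "prefer-not-to-say"}  # assumed union of app values
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def validate_scim_user(body: str) -> tuple[dict, list[str]]:
    """Return (profile, errors); profile is empty when any check fails."""
    errors: list[str] = []
    try:
        doc = json.loads(body)
    except ValueError:
        return {}, ["body is not valid JSON"]
    if not isinstance(doc, dict) or CORE not in doc.get("schemas", []):
        return {}, ["missing core User schema"]
    name = doc.get("name") or {}
    profile = {k: (name.get(v) or "").strip() for k, v in
               (("first_name", "givenName"), ("last_name", "familyName"),
                ("full_name", "formatted"))}
    for k in ("first_name", "last_name"):
        if not 1 <= len(profile[k]) <= 255:
            errors.append(f"{k} must be 1-255 characters")
    primary = [e for e in doc.get("emails", []) if e.get("primary")]
    email = (primary[0].get("value") or "" if primary else "").strip().lower()
    if not EMAIL_RE.match(email):
        errors.append("no valid primary email")
    profile["email"] = email
    # Company is carried by the enterprise extension's organization attribute.
    profile["company"] = ((doc.get(ENTERPRISE) or {}).get("organization") or "").strip()
    ext = doc.get(OL_EXT) or {}
    gender = ext.get("gender")
    if gender is not None and str(gender) not in GENDERS:
        errors.append(f"unsupported gender value {gender!r}")
    profile["gender"] = gender
    profile["dob"] = ext.get("dob")
    if profile["dob"] is not None:
        try:
            if not date(1900, 1, 1) <= date.fromisoformat(profile["dob"]) <= date.today():
                errors.append("dob out of range")
        except (TypeError, ValueError):
            errors.append("dob is not an ISO date")
    return (profile if not errors else {}), errors
```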