moodlehq / moodle-enrol_oneroster

OneRoster Enrolment plugin for Moodle
GNU General Public License v3.0

[BUG] core_privacy\local\metadata\null_provider does not seem appropriate #4

Closed mudrd8mz closed 3 years ago

mudrd8mz commented 3 years ago

Describe the bug

It is hard for me to believe that core_privacy\local\metadata\null_provider is the appropriate privacy description provider in this type of plugin. Even if the plugin does not store any personal data itself, I suspect there are personal data being processed and exchanged with the external system.

I would expect https://docs.moodle.org/dev/Privacy_API#Indicating_that_you_export_data_to_an_external_location to be provided.

andrewnicols commented 3 years ago

Hi David,

I'm going to close this issue as the OneRoster enrolment plugin does not store any data, nor does it pass any data to an external location.

In its current form, the OneRoster enrolment plugin only fetches data from the remote system, and it does not pass any user identifiable data to OneRoster to do so.

All searches are made using the sourcedId of objects, which the OneRoster specification states must not be personally identifiable information:

The sourcedId of an object is considered an addressable property of an entity and as such will not be treated as Personally Identifiable Information (PII) by certified products. Therefore, as a part of certification, vendors will be required to declare that they will notify customers via documentation or other formal and documented agreement that sourcedIds should never contain PII in general, but particularly users. This means that if a customer includes a student name in an enrollment.sourcedId, it will not fall to any certified product to protect the enrollment.sourcedId as PII, or even the userSourcedId field in the enrollment record;

Excerpt from http://www.imsglobal.org/oneroster-v11-final-specification#_Toc480452007 section 4.1 - sourcedId

The only credentials used are OAuth tokens (1.1a, and 2.0).

When we implement the Gradebook endpoints for OneRoster then we will need to update the Privacy declarations to state that grade data is passed from Moodle to the OneRoster endpoint, but not until that point.

Thanks,

Andrew

mudrd8mz commented 3 years ago

Oh right, that makes perfect sense. Many thanks, Andrew, for the clarification.