unnecessary information exposure during Canvas roster sync

[timkato]

iPeer's Canvas integration shouldn't expose student email addresses or PUIDs during a roster sync

[timkato]

also noticed password (which ubc doesn't use due to CWL integration) is exposed when a new student is added to an existing course in a later roster sync

[wynnset]

@timkato are we talking about not showing the email address / PUID / password on the import result screen? Or do we want to hide this information from instructors in general in iPeer?

Hiding it in the import results screen is fairly easy, but hiding that information in general in iPeer is a bit more problematic and will take some time.

As far as I know, in iPeer, instructors are allowed to look at user information, including student's email addresses and username (typically the same as PUIDs). Please note that all of this new import functionality is piggybacking on the existing CSV import functionality that existed in iPeer before this, so I will need clarification on whether this ticket only applies to the Canvas import or if it's something we want to change for the CSV import, as well.

Here is what we need to consider for each of those 3 fields you have requested to hide:

Password

During the import, a random password is generated on the spot for the new iPeer user, and displayed in the result screen so the person importing can give that to the user so they can log into iPeer (i.e. it's not imported from Canvas or anything).

Our options here:

• We can hide the password when doing a Canvas import.
• We still do need to somehow provide the student with their login information. We could perhaps do this by automatically sending each imported student an email with their login information (this is an existing feature in iPeer).

PUID

The PUID is used for 2 purposes:

1. As the username for the user (they can use it to log in to iPeer)
2. As the "key" linking the iPeer user to the Canvas user

If we want to hide the PUID from an instructor, we'll have to either:

• A. Not use it as a username (since usernames are displayed to instructors in iPeer). If we go with this option, we'll have to add another field to the user table and use it for the Canvas linkage. Additionally, we'll have to somehow create a username for the student that is not related to their PUID.
• B. Hide usernames in iPeer. This will be a core change to iPeer.

Email address

A user's email address is used in iPeer to send them email notifications. Student email addresses are visible to instructors in iPeer.

Our options:

• A. Not import the user's email address from Canvas (not recommended because they will not receive notifications, etc. and we cannot send them their login information).
• B. Hide email addresses in iPeer from instructors.

@xcompass / @andrew-gardener might have some feedback about this as well. Please give me your thoughts on what you think about the options I have provided here to mitigate the mentioned exposures.

[timkato]

Ok thanks!

Since we use CWL for passwords we don't need to worry about the local iPeer passwords at UBC. Probably ideal to hide the password during Canvas import to avoid confusion.

I'm thinking that we just leave the PUIDs/usernames as is, no changes. That should be fine.

We should hide email addresses from instructors, they aren't supposed to have access to these.