Using Identifier-Based Credentials
If your iTunes U site is complex, uses advanced access controls, and contains many pages with access restricted by very similar credential structures, you can use unique page identifiers to make the administration of these pages and credentials easier.
By defining page identifiers throughout your site, you guarantee uniqueness across all pages in your site. You can then create a permission associated with each page with a credential string that includes the ${IDENTIFIER} variable and have iTunes U dynamically generate the credentials, substituting the provided page identifier for the ${IDENTIFIER} variable when performing authentication. By using page identifiers and variables when creating pages and credentials, you can create more generic credentials, reuse the credentials in multiple pages, and have iTunes U make the appropriate substitutions during authentication.
To create identifier-based credentials, using the course examples from earlier:
Log in to iTunes U as an administrator or another user with editing access.
Click Edit Access in the Tools area for the page where you want to define user access.
Choose your site name from the pop-up menu.
Click the Add icon to define a new credential, user access level, and label.
Type the following user credential:
Instructor@urn:mace:cupertinouniversity.edu:classes:${IDENTIFIER}
where ${IDENTIFIER} specifies that this is an identifier-based credential.
Choose the access level you want to assign to the credential from the Access Level pop-up menu: No Access, Download, Shared, or Edit.
Type a label for the credential in the Group Access Label field.
When you edit a Course page and assign access per group, iTunes U displays this label in the Access pop-up menu in the Access area within the Course page. If you do not specify a label, you cannot assign group-level access for the credential.
Click the Save icon to save the credential, access level, and label information.
iTunes U creates the instructor credential with the specified access level and label information.
Repeat steps 4 through 8 for the following credential:
Student@urn:mace:cupertinouniversity.edu:classes:${IDENTIFIER}
iTunes U creates the student credential with the specified access level and label information.
Since you used the ${IDENTIFIER} variable when you created the credentials, you can reuse the credentials in multiple pages. For the credentials you created, your Edit Access page looks like the following:
Click Done.
Click Logout.
To start using the new identifier-based credentials, create a new page (or edit an existing page) and configure it to use the ${IDENTIFIER} variable by specifying a unique page identifier in the Identifier field. For information on how to create a page using a unique identifier, see “Creating Welcome and Course Pages.”
In this example, even though you did not specifically create the Instructor@urn:mace:cupertinouniversity.edu:classes:fall06:eecs302:02 or Student@urn:mace:cupertinouniversity.edu:classes:fall06:eecs302:02 credentials to the Fall 06 EECS 302 Course page, you can access the page using the identifier-based credentials because iTunes U automatically substitutes fall06:eecs302:02 for the ${IDENTIFIER} variable when a user with these credentials accesses your iTunes U site.
Using this method you can create many pages and never have to create any additional credentials. The only requirements are that the pages have a unique page identifier and that this identifier is passed into iTunes U as part of the user’s credentials.
Note: When using unique page identifiers in your iTunes U site, because of how identifier-based credentials work, by default iTunes U sets access for the Authenticated@urn:mace:itunesu.com:sites:example.edu credential to Download on your site’s root Welcome page. Therefore, you must reset the permissions for the Authenticated@urn:mace:itunesu.com:sites:example.edu credential to No Access to prevent authenticated users from accessing restricted areas of your site.
© 2009 Apple Inc. All Rights Reserved. (Last updated: 2009-11-04)