By integrating iTunes U with your existing authentication and authorization services, you validate user information and ensure secure access to your iTunes U site. Using your systems to authenticate and authorize users, you can maintain control over the access users have to every page and group within your site as well as the user information sent to iTunes U. You transfer only the user information you want to provide to iTunes U.
The user information you provide to iTunes U consists of the types of users you defined for your system, also known as user credentials. The credential information you send to iTunes U consists of the user’s attributes (for example, student, instructor, administrator) and unique identifier. This information officially identifies the user and confirms the user’s ability to access the iTunes U site and its individual resources. Once you have defined these credentials in your system, you must specify the exact credential strings in the iTunes U Edit Access pages and select the level of access you want to grant to each type of user. You can specify credentials at any page level in your iTunes U site and assign a different access level for every page or hierarchy of pages. The credentials you send to iTunes U, together with the access levels you define within your site, control the actions a user can perform within each iTunes U page or group.
You can create as many credentials as needed to accomplish the access you want for your site. For each credential, you can define a different access level for every page, group, or hierarchy of pages within your site. The access level you define for a credential at your site’s root page is inherited throughout all descendant pages and groups in your site, unless it is explicitly overridden by a descendant page or group definition. For example, if a user has download access at your site’s root Welcome page, the user automatically receives download access to the page’s descendants. If a user has more than one credential per page (users can have up to 100 credentials), iTunes U grants access to the page based on the highest level of access defined by all the user’s credentials. For example, if a user has download access to a page with one credential, and Shared access to the page with another credential, the user automatically receives the higher-level Shared access to the page.
As an example, you could send iTunes U the following credential, identity, and time information for an instructor at your institution.
credentials=Instructor@urn:mace:example.edu:classes:fall06:eecs302:02&identity="Jane Doe"<jdoe@example.edu>(jdoe)[528392]&time=1139331600
You could then define access levels for the Instructor@urn:mace:example.edu:classes:fall06:eecs302:02&identity="Jane Doe"<jdoe@example.edu>(jdoe)[528392]&time=1139331600 credential in the Edit Access page and restrict the instructor to the specific fall06:eecs302:02 Course page within your iTunes U site.
To get you started, iTunes U provides you with the following built-in user credentials:
Administrator. iTunes U automatically provides this credential so the site administrator has the most access to your iTunes U site, allowing the administrator to create new pages, assign ownership of pages to specific instructors, and manage the iTunes U site. When editing credentials, you can only change the Group Access Label for the iTunes U built-in site administrator credential. When logging in to your site as the administrator, you must pass this credential to iTunes U in your transfer script.
Authenticated. iTunes U automatically provides this credential to every user transferred into iTunes U with a valid authorization token. By default, this credential has no access to iTunes U pages or groups. iTunes U determines this credential at login; do not pass this credential to iTunes U in your transfer script.
Unauthenticated. iTunes U automatically provides this credential to every user transferred into iTunes U without an authorization token (for example, directly through a URL). By default, this credential has no access to iTunes U pages or groups. iTunes U determines this credential at login; do not pass this credential to iTunes U in your transfer script.
All. iTunes U automatically provides this credential to every user transferred into iTunes U with or without a valid authorization token. By default, this credential has no access to iTunes U pages or groups. iTunes U determines this credential at login; do not pass this credential to iTunes U in your transfer script. Use All to give authenticated and unauthenticated users the same permissions with a single credential. To make content in your iTunes U site available to the public, you must update the access level for this credential.
In addition to the iTunes U built-in credentials, you can create credentials for the specific types of users accessing your site. For example, you might want to create the following types of user credentials:
Instructor. You can create an Instructor credential and specify that this user has access constrained to the classes to which the instructor is assigned, allowing the instructor ownership for the particular class and its Course page.
Student. You can create a Student credential and specify that this user has the least access, constrained to the classes in which the student is registered, allowing the student access to the particular class and its Course page, with specific Course page access defined by the instructor who owns the page.
Every user who tries to access your site is assigned the All credential. In addition, users are assigned the Authenticated or Unauthenticated credential depending on whether or not they were transferred into iTunes U with an authorization token. For more information on authorization tokens, see “Transferring Authorization Data to iTunes U.”
Creating your site’s user access permissions can be a lot of work. Before you begin, you should define some guidelines or strategies for making the task easier. For example, by using a unique page identifier when creating a Course page, and creating a permission for the page with a credential that includes the ${IDENTIFIER} variable, the Course page substitutes the provided page identifier for the ${IDENTIFIER} variable when performing authentication. By using page identifiers and variables when creating pages and credentials, you can reuse the credentials in multiple pages, and iTunes U makes the appropriate substitutions during authentication. For more detailed information, see “Controlling User Access to iTunes U Pages Using Advanced Access” and “Using Identifier-Based Credentials.”
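The inheritance, override, and highest-level rules described earlier, together with the ${IDENTIFIER} substitution above, modelled as an added example (not Apple's code and not part of the original guide). The page paths, the Staff@example.edu credential, the level ordering (limited to the levels this page names), and the rule that each credential takes its nearest ancestor definition using that page's identifier are assumptions.

```python
# Added example, not Apple's code. Only the levels named on this page are modelled.
LEVELS = {"No Access": 0, "Download": 1, "Shared": 2}
BUILT_IN_AT_LOGIN = {"All", "Authenticated", "Unauthenticated"}
CLASS = "urn:mace:example.edu:classes:"

# Constructed site: path -> (page identifier, {credential string: access level})
SITE = {
    "/": (None, {"All": "No Access", "Staff@example.edu": "Download"}),
    "/eecs302": ("fall06:eecs302:02", {
        "Instructor@" + CLASS + "${IDENTIFIER}": "Shared",
        "Student@" + CLASS + "${IDENTIFIER}": "Download"}),
    "/eecs302/exams": (None, {
        "Student@" + CLASS + "fall06:eecs302:02": "No Access"}),  # explicit override
}

def ancestors(path):
    """Yield the page itself, then each parent up to the root."""
    while True:
        yield path
        if path == "/":
            return
        path = path.rsplit("/", 1)[0] or "/"

def level_for(credential, path, site=SITE):
    """Nearest definition for one credential (assumed override rule)."""
    for page in ancestors(path):
        identifier, rules = site.get(page, (None, {}))
        for pattern, level in rules.items():
            if identifier:  # substitute this page's identifier into the template
                pattern = pattern.replace("${IDENTIFIER}", identifier)
            if pattern == credential:
                return level
    return "No Access"

def effective_access(passed, has_token, path, site=SITE):
    """Highest level across passed credentials plus those assigned at login."""
    if len(passed) > 100:
        raise ValueError("a user can have up to 100 credentials")
    if BUILT_IN_AT_LOGIN & set(passed):
        raise ValueError("do not pass All/Authenticated/Unauthenticated")
    login = {"All", "Authenticated" if has_token else "Unauthenticated"}
    creds = set(passed) | login
    return max((level_for(c, path, site) for c in creds), key=LEVELS.get)
```

Under these assumptions, a student who also holds Staff@example.edu still gets Download on /eecs302/exams, because the No Access override applies only to the Student credential and the highest level across all credentials wins. When reviewing Edit Access settings, check every credential a user can hold, not just the one being restricted.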
© 2009 Apple Inc. All Rights Reserved. (Last updated: 2009-11-04)