TRAX LRS provides a pseudonymization feature which consists in replacing real agent identities by artificial identities in all the recorded statements.
The relation between artificial identities and real identities are also kept in the LRS. So the APIs may return statements with real or artificial identities, depending of the situation.
{danger} Configure the pseudonymization before starting to record statements. Then, don't change these settings or you may get inconsistent behaviors.
You choosing the LRS configuration profile, you have 2 options. You can enable both agents and groups pseudonymization:
XAPI_STORE_PROFILE=full_pseudoOr enable agents pseudonymization only:
XAPI_STORE_PROFILE=partial_pseudoArtificial identities always look like this:
{
"account": {
"name": "3f81141f-f4a8-42d3-9be0-99637cc32548",
"homePage": "http://pseudo.traxlrs.com"
}
}The account.name is a generated UUID. The account.homePage is configured in the .env file:
XAPI_STORE_PSEUDO_IRI=http://pseudo.traxlrs.comThe standard Statements API returns statements with real identities, as long as they are stored in the LRS.
So the xAPI conformance is not broken by the pseudonymization feature.
You can use both artificial and real identities in the agent filter.
The filtered agent will appear with its artificial or real identity in the returned statements,
depending of the identity you used in the filter.
By default, the extended Statements API also returns statements with real identities, as long as they are stored in the LRS.
However, the extended API accepts the reveal option, that may be set to false when real identities must be hidden.
Refer to the Extended API documentation to get more information.
You can use the standard Agents API to get the relation between the real and artificial identities of an agent.
Refer to the official xAPI documentation to understand this API.
You can remove real identities from the LRS, which is a great feature to comply with the GDPR. The statements are not removed. They stay into the LRS with artificial identities.
In order to remove an agent from the LRS, you need a client/access with the Manage xAPI Data permission.
Then, you can use the extended API endpoint http://traxlrs.test/trax/api/<uuid-generated-for-your-access>/xapi/ext/agents with the DELETE method and the following parameters:
{
"filters": {
"agent": {
"account": {
"name": "john",
"homePage": "http://traxlrs.com"
}
}
}
}Pseudonymization has a significant impact on performances, both for writing and reading operations.
During writing operations, agents and relation tables must be updated and statements must be modified before being written.
During reading operations, real agents identities must be get from the agents table and statements must be modified before being returned.