This ticket will track work so that roles sent from a consumer can map to roles within Sakai sites. This then extends the available roles that a consumer can send which matches the LTI spec.
There are quite a few roles that can be sent according to the LTI spec and role vocabulary. Most of these are a carry over from the LIS spec. Some are focused around the 'system role' which we would call user type in CLE so they are not applicable in this case. What we probably want are the ones relating to institution role even though the name isn't the best. There is also a list of roles redefined as 'context role' but those include sub roles which might confuse things since we don't have that concept.
So, based on institution role, these are the roles:
From that list we could choose the most applicable ones to support. Given that roles in CLE sites are not always consistent as you can have different site types/realms/templates, then we may need a mapping of these LTI roles to CLE roles.
have the mapping in sakai.properties. This may need to be a multivalued mapping though since the one LTI role might map to multiple CLE roles
The site would then get the incoming LTI role, check what roles are in the site and see if there is a match.
So an incoming LTI role of Student would get the values 'access' and 'student'. If the site has the access role, the user is assigned that role. The only issue (and probably an edge case) is if the site has both roles, which one to map to. I would suggest the first one, then the priority is clear.
Have a new site type that has these roles in it already, and just use that site type when creating the new site.
It is important to note that using the trusted consumer approach, the user is given the role they ALREADY have in the site. They are not provisioned at all.