Revise what data is available to PG, stop allowing PG access to personal information as a default as such data may leak into "public" content (even if somewhat hard to find) #18
taniwallach started this conversation in Ideas
In today's developer meeting we discussed some of the aspects of separating the LMS/front-end side of webwork3 from the PG rendering back-end.
The consensus of the participants was that student identity information and lots of other things always passed by https://github.com/openwebwork/webwork2/blob/main/lib/WeBWorK/PG.pm from webwork2 to pg should probably not be supported on the PG side in webwork3.
At present, the need for such data for certain "acceptable" cases (headers for PDF generation, etc.) also allows this to be used elsewhere in a manner which may lead to violating data-privacy rules, etc.
It is understood that such a change will break existing problems which use special personalization.
However, "we" feel that the change has significant advantages in terms of meeting modern data security and privacy regulations.
Such a change would apparently require that the generation of TeX headers for PDF generation which contain student identity data be handled outside PG.
One option would be to use a simple templating mechanism handled by the "front end" (or a special service).
Another might be to provide this sort of additional data to the back-end renderer via a custom data transfer mechanism only when it is intentional to do so (such as to render set headers for TeX generation).
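A sketch of the first option in the post above (front-end templating), added here as an illustration; it is not part of the original post and not webwork or PG code. The allowlist keys, the `@@NAME@@` placeholder syntax and all function names are assumptions made for the example: the front end forwards only non-identifying parameters to the renderer, then fills identity fields into the returned TeX header itself, escaping them so a student name cannot inject TeX markup.

```python
import re

# Hypothetical allowlist: the only keys the front end forwards to the renderer.
RENDER_ALLOWLIST = {"problem_seed", "source_path", "display_mode", "language"}

# TeX special characters and their escaped forms.
_TEX_ESCAPES = {
    "\\": r"\textbackslash{}", "{": r"\{", "}": r"\}", "$": r"\$",
    "&": r"\&", "#": r"\#", "%": r"\%", "_": r"\_",
    "^": r"\textasciicircum{}", "~": r"\textasciitilde{}",
}
_PLACEHOLDER = re.compile(r"@@([A-Z_]+)@@")  # assumed placeholder syntax

# Constructed sample input: what a front end might hold for one render call.
SAMPLE_PARAMS = {
    "problem_seed": 1234, "source_path": "setDemo/prob1.pg",
    "display_mode": "tex", "student_name": "Pat O_Neil & Co",
    "student_id": "s100%", "email": "pat@example.edu",
}
# Constructed sample of a header the renderer returns with placeholders intact.
SAMPLE_HEADER = r"\textbf{@@STUDENT_NAME@@} (@@STUDENT_ID@@) \hfill Set Demo"


def build_render_request(params):
    """Return (request, dropped): only allowlisted keys reach the renderer."""
    request = {k: v for k, v in params.items() if k in RENDER_ALLOWLIST}
    dropped = sorted(set(params) - RENDER_ALLOWLIST)
    return request, dropped


def tex_escape(value):
    """Escape one value character by character, so nothing is escaped twice."""
    return "".join(_TEX_ESCAPES.get(ch, ch) for ch in str(value))


def fill_header(tex, identity):
    """Substitute placeholders on the front-end side, after rendering."""
    def repl(match):
        key = match.group(1)
        if key not in identity:
            # Fail closed rather than ship a header with a raw placeholder.
            raise KeyError(f"no value for placeholder {key}")
        return tex_escape(identity[key])
    return _PLACEHOLDER.sub(repl, tex)


if __name__ == "__main__":
    request, dropped = build_render_request(SAMPLE_PARAMS)
    print("sent to renderer:", request)
    print("kept in front end:", dropped)
    print(fill_header(SAMPLE_HEADER, {"STUDENT_NAME": SAMPLE_PARAMS["student_name"],
                                      "STUDENT_ID": SAMPLE_PARAMS["student_id"]}))
```

The list of dropped keys is returned so the front end can log which fields a caller tried to pass, which helps find problems that still depend on personalization.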