Subjects
- How are subjects namespaced?
- How is a subject represented? What attributes are built in? (e.g. Grouper has built in name, description, id, source, and can be searched by identifier or id or either). Or does the group service communicate with an id, with subject information retrieved from another system?
- Can you get netIDs back from the service or just opaque IDs?
Protocol
- Initial assumption is web service based with pluggable authentication
- Do we need a messaging design (XMPP)?
- REST? (if REST, then XML, JSON, and/or XHTML)?
- SOAP?
- Simple calls?
- Batched calls (e.g. replace all members of a group with the attached list)? (if batched, can you pass a TX type)?
- Simple responses or complex responses (e.g. for groups a subject is in, return just the ID (KIM) or return group information (Grouper))?
- How are results communicated back? Result code, description, warnings, errors, success_TF, etc?
- If you add a member to a group who is already a member, is that a success, and is there a result code that represents that? (same with delete)
- Paging and sorting for results?
- Are the client and server versions transmitted in the request/response?
Security
- Act as another user?
- Do privileges on groups factor in? Can you assign a privilege on a group to someone (e.g. someone can edit the memberships of the group)?
Structure
- Simple API (like OpenSymphony), or complex?
- More operations that are well defined (KIM), or fewer operations with options (Grouper)?
Group namespaces
- Is a Group a Subject? i.e. can you add a group to a group with the same operation as add user to group?
- Deep namespace or one level namespace?
- Besides group namespace (folders), is there some sort of "source" for a group (e.g. group system, dynamic, group system B, etc.)?
- Can you filter operations by namespace (i.e. groups a subject is in that are in a certain namespace directly or indirectly)?
Group structure
- Do groups have lists (e.g. add a member to list X of Group Y)? i.e. this is a triple assignment, instead of a tuple, though there could be a default for simple things (e.g. "members" list)
- Do groups have an ID and name, or an ID / display name / system name? (or other)
- How are group searches done (e.g. boolean logic, such as group name is X and in folder Y)?
- Can groups have types (labels)?
- Are composites in scope (e.g. someone is in this group if they are also in another group)?
- Do groups have enabled/disabled dates?
- Can you add a member to a group by ID or system name? Or lookup the group first and use ID?
Memberships
...
To help establish the initial design of a Groups API, please first add a brief description of your project to this page. Then, answer the questions on each of these pages:
COmanage
COmanage is an Identity Management System for Collaborative (Virtual) Organizations. COmanage Gears is the core IdMS, and is written in PHP. COmanage uses groups in the following ways:
- To manage authorizations within COmanage Gears (e.g. who can add and remove members of a CO).
- To manage group memberships for domesticated applications (e.g. wikis, mailing lists, domain-specific apps) within the COmanage ecosystem.
NAU Enterprise Groups
Northern Arizona University uses Grouper to implement an Enterprise Group System to handle formation and management of groups across the institution. Using a custom-designed interface, campus users can create and manage personal and organizational groups which are automatically provisioned to LDAP and Active Directory.