Groups API Questions - Group structure

Owned by Chris Hyzer
Last updated: Jan 11, 2011 by EricEVersion comment
3 min read

Questions

  1. Do groups have lists (e.g. add a member to list X of Group Y)?  i.e. this is a triple assignment, instead of a tuple, though there could be a default for simple things (e.g. "members" list)
  2. Do groups have an ID and name, or an ID / display name / system name? (or other)
  3. How are group searches done (e.g. boolean logic, e.g. group name is X and in folder Y)
  4. Can groups have types (labels)?
  5. Are composites in scope (e.g. someone is in this group if they are also in another group)?
  6. Do groups have enabled/disabled dates?
  7. Can you add a member to a group by ID or system name?  Or lookup the group first and use ID?
  8. Grouper has aliases for groups (i.e. when you rename a group, it can still be referenced by its old name), is this applicable to the Groups API somehow?

COmanage responses

  1. No.
  2. ID and name.
  3. Simple matches/substring.
  4. No.
  5. Not explicitly (although if the underlying group management system supports it, then yes).
  6. Not currently.
  7. Current model requires the ID.
  8. No specific COmanage requirement, but if this is part of the API it would be useful to have a function to tell if the reference is old (like stat/lstat).

Grouper responses

  1. Do groups have lists: Grouper has this, but not everything supports it, so we should probably leave it out of the API
  2. Do groups have an ID and name, or an ID / display name / system name? (or other): I think it is important to have ID, display name, system name
  3. How are group searches done (e.g. boolean logic, e.g. group name is X and in folder Y): There is a way to do this in Grouper, not sure how necessary it is for release 1
  4. Can groups have types (labels)? Currently in grouper they can, not sure if it is necessary for fifer
  5. Are composites in scope (e.g. someone is in this group if they are also in another group)?  Grouper has this, but dont think it needs to be expressed in the fifer API
  6. Do groups have enabled/disabled dates?  Grouper doesnt have this, though people have requested it from time to time in a casual way
  7. Can you add a member to a group by ID or system name?  Or lookup the group first and use ID?  Grouper can lookup by uuid or name in one operation, and I think this is very useful
  8. Grouper has aliases for groups (i.e. when you rename a group, it can still be referenced by its old name), is this applicable to the Groups API somehow?  Grouper has this, though not sure if it is necessary for fifer API

Kuali responses

  1. No.
  2. KIM requires an id and a name.  The group's name is used as the display name in all cases and not sure what "system name" is.
  3. We provide a criteria-based query operation on our services (which are admittedly not very flexible at the moment).  I think having a general purpose query api is valuable (although as others said probably not the top priority) but there is a question as to whether we need to design some sort of simple query language for this or go a different route.
  4. The concept of a "group type" in KIM is fairly important, not sure if this corresponds to what is being asked here?  If groups support custom attributes then it could be modeled there if it's not of utility to others to include a typing construct.
  5. KIM does not have a requirement for this.
  6. It's a requirement that we track as much of the history as we can in KIM (for auditing purposes), but that could be handled as part of the service implementation and wouldn't necessarily need to be expressed in the api.
  7. I think I would need clarification on what "system name" means.
  8. KIM does not have this requirement as everything that uses a group is supposed to reference it by it's unique identifier.

NAU responses

  1. No.
  2. ID, display name, plus attributes GID, creator subject id, optional ldap filter.
  3. Multiple criteria such as group id, name, description, creator id, owner id, ldap filter. Can "and" up to 3 criteria.
  4. ?
  5. Yes.
  6. Not for groups, but would like to have expiry dates and filter criteria for group memberships.
  7. Yes.
  8. We don't use this feature.

uPortal responses

  1. No.
  2. ID, display name, and description.
  3. Can search by group id or name. Searches may specify whether to return an exact match, match the beginning/end/part of the name, etc.
  4. No.
  5. uPortal doesn't support composite groups, though we do view groups as a hierarchy and rely on group membership being inherited. (For example, if Group B is a member of Group A, and a user is in Group B, s/he is automatically a member of Group A).
  6. No.
  7. The current uPortal group API requires getting both group objects in order to add one to the other's membership list.
  8. uPortal doesn't currently have this capability.

Etc