Questions
- Initial assumption is web service based with pluggable authentication
- Which authentication should we support? SSL cert, ws-auth, user/pass in http basic auth, public key signature in http header, other?
- Do we need a messaging design (xmpp)?
- REST? (if REST, then XML, JSON, and/or XHTML)?
- SOAP?
- Simple calls vs Batched calls (e.g. replace all members of a group with the attached list)? (if batched, can you pass a TX type e.g. use a transaction or not)?
- Simple responses or complex responses (e.g. for groups a subject is in, return just the ID (KIM) or return group information(Grouper))?
- How are results communicated back? Result code, description, warnings, errors, success_TF, etc?
- If you add a member to a group who is already a member, is that a success, and is there a result code that represents that? (same with delete)
- Paging and sorting for results?
- Is the client and server version transmitted in the request/response?
- Should operations be idempotent? i.e. if an operation is executed twice, should be a success both times (e.g. add member, create group)
COmanage responses
For the most part, details aren't that important to COmanage. In general, simpler is better.
- COmanage is concerned about keeping admin tasks to a minimum (since they'll already be a lot of them), so eg user/pass is easier to manage than SSL certs.
- Possibly, both for Gears (if backsync from the group manager is allowed) and for domesticated Apps.
- REST is good, XML or JSON.
- Gears isn't using SOAP, so would rather not need it.
- Simple probably.
- No opinion.
- No, it's a failure.
- Not needed.
- Probably.
- Isn't this basically the same as #8?
Grouper responses
- Pluggable authentication is ideal. user/pass that delegates to kerberos is needed, also user/pass in http basic auth, at least
- Messaging: This seems like it would be useful, but hasn't taken off that much in Grouper, so we should at least plan for it in the future
- REST? (if REST, then XML, JSON, and/or XHTML): I think we should focus first on the object types that are passed back and forth, and we can see what translations we need to convert that to a plain text HTTPs protocol... this is how Grouper works to support so many formattings
- SOAP: Would prefer to start with REST-like
- Either is fine, though having a replace operation is nice (which takes a list of users)
- Simple responses or complex responses: If there is a "Subject Service"or whatever service to get at the data, then simple responses are fine. It is useful in Grouper to have complex responses, though there is more complexity
- How are results communicated back? Result code, description, warnings, errors, success_TF, etc? I like the grouper model, where there are some HTTP headers, a success T/F, a response code, message, etc
- If you add a member to a group who is already a member, is that a success, and is there a result code that represents that? (same with delete): Operations should definitely be idempotent... if an operation is invoked twice, it should not be a failure (e.g. a client might think there is a timeout and resubmit, then it might get processed twice). However, result codes should be descriptive
- Paging and sorting for results? If this service is used for UI's, then we need it. And if we have it, we definitely need a Subject Service
- Is the client and server version transmitted in the request/response? We should plan for versioning, which includes transmitting the versions back and forth.
- Should operations be idempotent? i.e. if an operation is executed twice, should be a success both times (e.g. add member, create group)
Rice responses
NAU responses
- user/pass in https is sufficient, but pluggable would be nice.
- ?
- REST is fine.
- Not necessary.
- It depends on the kind of call. In a user interface, add/mod/delete of groups is usually one at a time, so can be simple. Member management is usually many at a time so should be batched. Not sure what is meant by "can you pass a TX".
- Complex. Maybe an option to return simple or complex info on per call basis.
- Prefer errors and warnings with code and description. Success can be a simple code.
- It is a success, but there should be info returned to reflect the difference (i.e different result code from success, not already a member). The more granular the return info is, the better. The user can decide whether the difference is relevant to their application.
- Paging not necessary as part of the interface. Paging needs seem very application-specific. Sorting not necessary, but would be nice if sort field can be specified (e.g. group id vs group name vs other group attribute).
- Don't have a need for it now.
- Yes, but result code should reflect any differences per 8.
uPortal Responses
- We approve of pluggable authentication in general with a decent selection of options.
- Which authentication should we support? SSL cert, ws-auth, user/pass in http basic auth, public key signature in http header, other?
- Not sure we have a need for messaging right now
- Yes, we'd very much want REST support. Either XML or JSON would be fine.
- We'd prefer REST to SOAP.
- Simple calls would be nice to have, but we might want batched support with transactions for larger or more complex operations.
- I think we'll need known response codes for programmatic handling of success and errors, but it would be useful to have a readable description to go along with that.
- Yes, it should be successful, and yes, there should be a code to differentiate these events.
- Yes, paging and sorting would be useful.