SCIM and VOOT

Posted on 09-May-2015


description

The SCIM standard was created to simplify user management in the cloud by defining a schema for representing users and groups and a REST API for all the necessary CRUD operations. VOOT is a layer on top of SCIM to exchange information about groups in federated environments.

transcript

VOOT

Andreas Åkre Solberg, UNINETT

Stockholm, April 2014

Diagram: a Consumer talks to a Service Provider, which exposes Resources for CRUD operations.

Typical protocol stack

› HTTP
› OAuth
› SCIM

SCIM: resources as JSON, CRUD operations over REST

Resource types

› User
› Group
› …

Resource instances

{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "id": "2819c223-413861904646",
  "userName": "bjensen@example.com",
  "displayName": "Babs Jensen",
  "preferredLanguage": "en_US",
  "locale": "en_US",
  "timezone": "America/Los_Angeles"
}

{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "id": "e9e30dba-f08f-4109",
  "displayName": "Tour Guides"
}

Resource types and schemas

› Resource types: User, Group
› Schemas: SCIM Core User, SCIM Core Group, SCIM Core Enterprise User

Attributes

› Single-valued or multi-valued
› Simple or complex
› Simple value types: String, Boolean, Decimal, Integer, DateTime, Binary

SCIM Extension model

› Extension Schemas
› New Resource types
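The attribute model on the preceding slides (single- or multi-valued, simple or complex, typed simple values, core schema plus extension schemas) is what a service provider has to enforce before it writes a provisioned resource into its directory. The validator below is an added example written for this page; it is not code from the slides or from any SCIM implementation. The schema table, the sample resources and the choice to reject undeclared attributes and undeclared extension blocks outright are the example's own; attribute names follow the slide and the SCIM 1.1 core schema, and the enterprise extension URN is the SCIM 1.1 one.

```python
import re

# Added example, not code from the slides or any SCIM implementation: validate a SCIM 1.x
# resource against a declared attribute schema before provisioning it. Undeclared attributes
# and undeclared extension blocks are rejected rather than silently stored.
SCIM_CORE = "urn:scim:schemas:core:1.0"
ENTERPRISE_EXT = "urn:scim:schemas:extension:enterprise:1.0"  # SCIM 1.1 enterprise extension URN

# Constructed schema table in the slide's model: each attribute is single- or multi-valued
# ("multi") and either a typed simple value or a complex value whose "sub" maps name -> type.
USER_SCHEMA = {
    SCIM_CORE: {
        "id": {"type": "string", "required": True},
        "userName": {"type": "string", "required": True},
        "displayName": {"type": "string"},
        "active": {"type": "boolean"},
        "emails": {"type": "complex", "multi": True, "sub": {"value": "string", "primary": "boolean"}},
        "meta": {"type": "complex", "sub": {"created": "datetime", "lastModified": "datetime"}},
    },
    ENTERPRISE_EXT: {
        "employeeNumber": {"type": "string"},
        "manager": {"type": "complex", "sub": {"managerId": "string", "displayName": "string"}},
    },
}
_DATETIME = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")  # UTC xsd:dateTime form from the slides
_SIMPLE = {  # type name -> predicate; bool is deliberately excluded from the numeric types
    "string": lambda v: isinstance(v, str),
    "boolean": lambda v: isinstance(v, bool),
    "integer": lambda v: isinstance(v, int) and not isinstance(v, bool),
    "decimal": lambda v: isinstance(v, (int, float)) and not isinstance(v, bool),
    "datetime": lambda v: isinstance(v, str) and _DATETIME.fullmatch(v) is not None,
}

def _check_one(path, value, spec, errors):
    if spec["type"] != "complex":
        if not _SIMPLE[spec["type"]](value):
            errors.append(f"{path}: expected {spec['type']}")
    elif not isinstance(value, dict):
        errors.append(f"{path}: expected an object (complex attribute)")
    else:
        for sub, subval in value.items():
            if sub not in spec["sub"]:
                errors.append(f"{path}.{sub}: sub-attribute not in schema (rejected)")
            elif not _SIMPLE[spec["sub"][sub]](subval):
                errors.append(f"{path}.{sub}: expected {spec['sub'][sub]}")

def _check_attr(path, value, spec, errors):
    if not spec.get("multi"):
        _check_one(path, value, spec, errors)
    elif not isinstance(value, list):
        errors.append(f"{path}: expected a list (multi-valued attribute)")
    else:
        for i, item in enumerate(value):
            _check_one(f"{path}[{i}]", item, spec, errors)

def validate_resource(resource, schema_def):
    """Return the list of validation errors; an empty list means the resource is acceptable."""
    errors = []
    schemas = resource.get("schemas")
    if not isinstance(schemas, list) or SCIM_CORE not in schemas:
        return [f"schemas must be a list containing {SCIM_CORE}"]
    for urn in schemas:
        attrs = schema_def.get(urn)
        if attrs is None:
            errors.append(f"unknown schema {urn}")
            continue
        # Core attributes sit at the top level; extension attributes nest under their URN.
        payload = resource if urn == SCIM_CORE else resource.get(urn, {})
        prefix = "" if urn == SCIM_CORE else urn + "."
        if not isinstance(payload, dict):
            errors.append(f"{urn}: extension block must be an object")
            continue
        for name, spec in attrs.items():
            if spec.get("required") and name not in payload:
                errors.append(f"{prefix}{name}: required attribute missing")
        for name, value in payload.items():
            if urn == SCIM_CORE and (name == "schemas" or (name in schema_def and name in schemas)):
                continue  # reserved key, or a declared extension block checked in its own pass
            if name not in attrs:
                errors.append(f"{prefix}{name}: attribute not in schema (rejected)")
            else:
                _check_attr(prefix + name, value, attrs[name], errors)
    return errors

# Constructed sample resources (values modelled on the SCIM 1.1 examples and the slide above).
GOOD_USER = {
    "schemas": [SCIM_CORE, ENTERPRISE_EXT],
    "id": "2819c223-413861904646", "userName": "bjensen@example.com", "displayName": "Babs Jensen",
    "active": True, "emails": [{"value": "bjensen@example.com", "primary": True}],
    "meta": {"created": "2011-08-01T18:29:49Z"},
    ENTERPRISE_EXT: {"employeeNumber": "701984", "manager": {"managerId": "26118915", "displayName": "John Smith"}},
}
BAD_USER = {
    "schemas": [SCIM_CORE],
    "id": "2819c223-413861904646", "userName": "bjensen@example.com",
    "active": "yes",                               # boolean expected
    "emails": {"value": "bjensen@example.com"},    # multi-valued attribute given as one object
    "isAdmin": True,                               # undeclared attribute: reject, never store
    ENTERPRISE_EXT: {"employeeNumber": "1"},       # extension block not declared in "schemas"
}
```

The allow-list stance is the point: a provisioning endpoint that ignores unknown attributes is harmless, but one that stores them (or maps them into a backend by name) lets a client smuggle in whatever the backend happens to honour. The datetime check is syntactic only; a real deployment would parse the value properly.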

VOOT as of April 2014

› Built on top of SCIM 2.0
› Minor SCIM adjustments (needs to be sorted out)
› Schemas for groups
› New resource types
› Pre-defined group types

Todo

› Use case and best practice
› Architecture, federation and more

Work in progress

Diagram: User is member of Group (many-to-many).

SCIM: too simple a group membership model

VOOT is extending SCIM

Diagram: User, Role, Group, GroupType; a Role links a User to a Group, and a Group refers to a GroupType.

Only one role object for each combination of user and group.

TranslatableString

{
  "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
  "description": {
    "en": "Second year mathematics at the university",
    "nb": "Andre årets mattekurs ved universitet"
  }
}

{
  "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
  "description": "Andre årets mattekurs ved universitet"
}

HTTP content negotiation: with ?translate=1 the server returns the single translation selected for the request instead of the full TranslatableString.
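How a provider might resolve TranslatableString values for one request, as an added example that is not code from the slides or from any VOOT implementation. With translate off the full language map is returned unchanged; with translate on (the slide's ?translate=1) one translation is chosen from the request's Accept-Language header. The fallback language, the set of translatable attributes and the sample group are this example's assumptions.

```python
# Added example, not code from the slides or from any VOOT implementation.
DEFAULT_LANG = "en"                             # assumed fallback language; the slides name none
TRANSLATABLE = {"displayName", "description"}   # attributes the slides show as translatable

def parse_accept_language(header):
    """Language tags from an Accept-Language header, most preferred first (q-values honoured)."""
    ranked = []
    for pos, part in enumerate(header.split(",")):
        tag, _, params = part.strip().partition(";")
        if not tag:
            continue
        q = 1.0
        for param in params.split(";"):
            key, _, val = param.strip().partition("=")
            if key.lower() == "q":
                try:
                    q = float(val)
                except ValueError:
                    q = 0.0          # malformed q-value: treat the tag as not acceptable
        if q > 0:                    # q=0 means "not acceptable"
            ranked.append((-q, pos, tag.lower()))
    return [tag for _, _, tag in sorted(ranked)]

def pick_translation(value, languages):
    """Choose one string from a TranslatableString; plain strings pass through unchanged."""
    if not isinstance(value, dict) or not value:
        return value
    for lang in languages:
        if lang == "*":
            break                    # wildcard: anything is fine, use the default below
        if lang in value:
            return value[lang]
        base = lang.split("-")[0]    # "nb-no" falls back to "nb"
        for key in value:
            if key.lower().split("-")[0] == base:
                return value[key]
    return value.get(DEFAULT_LANG, next(iter(value.values())))

def render_group(group, accept_language, translate):
    """Server-side view of a group resource for one request."""
    if not translate:
        return dict(group)
    languages = parse_accept_language(accept_language or "")
    return {k: pick_translation(v, languages) if k in TRANSLATABLE else v for k, v in group.items()}

# Constructed sample group, modelled on the course group shown on the slides.
GROUP = {
    "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
    "displayName": {"en": "Course M.201 Mathematics at University of Oslo",
                    "nb": "Fag M.201 Matematikk ved Universitetet i Oslo"},
    "description": {"en": "Second year mathematics at the university",
                    "nb": "Andre årets mattekurs ved universitet"},
    "groupType": "voot:groupTypes:edu:courses",
}
```

Only attributes in TRANSLATABLE are touched, so a client that receives a plain string for displayName can rely on translate=1 having been honoured, and one that receives the map knows it asked for the untranslated form.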

Groups

› sourceID
› id, name and description
› groupType (reference)
› permissions (for current user)
› active?
› public?
› time limitation (notBefore, notAfter)

Example group resource:

{
  "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
  "sourceID": "voot:sources:uninett:fs",
  "displayName": {
    "en": "Course M.201 Mathematics at University of Oslo",
    "nb": "Fag M.201 Matematikk ved Universitetet i Oslo"
  },
  "description": {
    "en": "Second year mathematics at the university",
    "nb": "Andre årets mattekurs ved universitet"
  },
  "groupType": "voot:groupTypes:edu:courses",
  "notBefore": "2006-08-01T12:00:00Z",
  "groupActive": true,
  "public": true,
  "may": {
    "listMembers": true,
    "manageMembers": false
  }
}

Roles

› Basic role abstraction (member, admin and owner)
› displayName
› groupType (reference)
› active?
› time limitation (notBefore, notAfter)
› Refers to both user and group

If a user is a member of a group, there exists one and only one role object for that relation.

A role can be represented:

› Embedded in a group list
› Embedded in a user list
› Standalone

Example role resource:

{
  "basic": "admin",
  "displayName": {
    "en": "Teacher",
    "nb": "Lærer"
  },
  "notBefore": "2014-01-01T12:00:00Z",
  "notAfter": "2014-08-01T12:00:00Z",
  "roleActive": true,
  "course_role": "teacher"
}

GroupTypes

› Predefined list: the VOOT spec contains a set of well defined group types for higher education.
› Dynamic support: clients do not need to understand group types in advance, but may want to sort groups according to type regardless.
› Schemas: refers to the schemas with extended attributes for both groups and roles.

Example GroupType resource:

{
  "id": "voot:groupTypes:edu:courses",
  "displayName": {
    "en": "Course",
    "nb": "Fag"
  },
  "sourceID": "voot:sources:uninett:fs",
  "groupSchemas": ["voot:groupschemaX"],
  "roleSchemas": ["voot:roleschemaX"]
}

GroupTypes

Harmonization / standardisation needed.

Diagram: predefined group types Institution (with a schema that maps eduPerson affiliation), Ad-Hoc, OrgUnit, Cohort, Study and Course.

GroupTypes: Course

Information about a course is obtained from the group resource and the role resource.

Group resource:

{
  "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
  "displayName": {
    "en": "Mathematics 101"
  },
  "groupType": "voot:groupTypes:edu:courses",
  "notBefore": "2006-08-01T12:00:00Z",
  "groupActive": true,
  "public": true,
  "may": {
    "listMembers": true,
    "manageMembers": false
  }
}

Role resource:

{
  "basic": "admin",
  "displayName": {
    "en": "Teacher",
    "nb": "Lærer"
  },
  "notBefore": "2014-01-01T12:00:00Z",
  "notAfter": "2014-08-01T12:00:00Z",
  "roleActive": true,
  "course_role": "teacher"
}

VOOT Protocol

{BASE}/me
  Information about me.

{BASE}/me/Groups
  The groups that I am a member of. Responds with a list (ResourceList) of group resources, where the role of the current user is embedded in the vootRole property.

{BASE}/Roles/{GROUPID}/{USERID}
  The role for a given combination of user and group.

{BASE}/Groups/{GROUPID}/members
  List of members of a group. Responds with a list (ResourceList) of role resources, where the user object is embedded.

{BASE}/Groups?search={SEARCH-TERM}
  Querying for public groups.
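An in-memory VOOT provider tying together the Roles slide (exactly one role object per user/group pair, roles embedded in group and member lists, time-limited roles) and the endpoints listed above, as an added example that is not code from the slides or from any VOOT implementation. Assumed details, none of which the slides fix: ResourceList is rendered as a SCIM-style ListResponse, notBefore is inclusive and notAfter exclusive, the user embedded in a member-list role lives under "vootUser", the "may" permissions are derived from the basic role plus the group's "public" flag, and the sample users, the ad-hoc group and its identifiers are constructed.

```python
from datetime import datetime, timezone

# Added example, not code from the slides or from any VOOT implementation. Assumed: ResourceList as
# a SCIM-style ListResponse, notBefore inclusive / notAfter exclusive, embedded user under "vootUser",
# "may" derived from the basic role and the group's "public" flag.
SCIM_CORE = "urn:scim:schemas:core:1.0"

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _in_window(obj, now):
    if "notBefore" in obj and now < _ts(obj["notBefore"]):
        return False
    return not ("notAfter" in obj and now >= _ts(obj["notAfter"]))

def _resource_list(resources):
    return {"schemas": [SCIM_CORE], "totalResults": len(resources), "Resources": resources}

class VootStore:
    def __init__(self):
        self.users, self.groups = {}, {}
        self.roles = {}  # (group_id, user_id) -> role; the key itself enforces one role per pair

    def set_role(self, group_id, user_id, role):
        if group_id not in self.groups or user_id not in self.users:
            raise KeyError("unknown group or user")
        self.roles[(group_id, user_id)] = role  # PUT semantics: replace, never add a second object

    def role(self, group_id, user_id, now):
        """{BASE}/Roles/{GROUPID}/{USERID}; None stands for HTTP 404."""
        r = self.roles.get((group_id, user_id))
        return None if r is None else dict(r, roleActive=_in_window(r, now))

    @staticmethod
    def _may(group, role):
        active = role is not None and role["roleActive"]
        return {"listMembers": bool(active or group.get("public")),
                "manageMembers": bool(active and role["basic"] in ("admin", "owner"))}

    def _render_group(self, group_id, caller_id, now):
        g = self.groups[group_id]
        r = self.role(group_id, caller_id, now)
        return dict(g, id=group_id, groupActive=_in_window(g, now), may=self._may(g, r), vootRole=r)

    def me_groups(self, user_id, now):
        """{BASE}/me/Groups: groups in which the caller currently holds an active role."""
        groups = [self._render_group(gid, user_id, now) for gid, uid in self.roles if uid == user_id]
        return _resource_list([g for g in groups if g["vootRole"]["roleActive"]])

    def group_members(self, group_id, caller_id, now):
        """{BASE}/Groups/{GROUPID}/members: role resources with the user embedded."""
        if not self._render_group(group_id, caller_id, now)["may"]["listMembers"]:
            raise PermissionError(f"{caller_id} may not list members of {group_id}")
        members = [dict(self.role(gid, uid, now), vootUser=dict(self.users[uid], id=uid))
                   for gid, uid in self.roles if gid == group_id]
        return _resource_list(members)

    def search_groups(self, term, now):
        """{BASE}/Groups?search=...: public groups only, matched against every translation."""
        term = term.lower()
        hits = [self._render_group(gid, None, now) for gid, g in self.groups.items()
                if g.get("public") and any(term in t.lower() for t in g["displayName"].values())]
        return _resource_list(hits)

NOW = _ts("2014-03-01T00:00:00Z")  # constructed "current time" inside the teacher role's window

def build_sample():
    """Constructed data modelled on the slides' course group and teacher role."""
    s = VootStore()
    for uid in ("alice", "bob", "carol"):
        s.users[uid] = {"schemas": [SCIM_CORE], "userName": f"{uid}@example.org", "displayName": uid.title()}
    s.groups["course"] = {
        "sourceID": "voot:sources:uninett:fs",
        "displayName": {"en": "Course M.201 Mathematics at University of Oslo",
                        "nb": "Fag M.201 Matematikk ved Universitetet i Oslo"},
        "groupType": "voot:groupTypes:edu:courses", "notBefore": "2006-08-01T12:00:00Z", "public": True}
    s.groups["adhoc"] = {  # assumed sourceID and groupType identifiers for an ad-hoc group
        "sourceID": "voot:sources:example:adhoc", "displayName": {"en": "Ad hoc reading group"},
        "groupType": "voot:groupTypes:adhoc", "public": False}
    s.set_role("course", "alice", {"basic": "admin", "displayName": {"en": "Teacher", "nb": "Lærer"},
                                   "notBefore": "2014-01-01T12:00:00Z", "notAfter": "2014-08-01T12:00:00Z"})
    s.set_role("course", "bob", {"basic": "member", "displayName": {"en": "Student"}})
    s.set_role("adhoc", "alice", {"basic": "owner", "displayName": {"en": "Owner"}})
    return s
```

Two points worth carrying into a real implementation: the one-role-per-pair invariant is enforced here by the dictionary key, which a database-backed provider should mirror with a unique constraint on (group, user); and every list endpoint evaluates "may" for the caller before returning anything, so an expired role (notAfter in the past) loses both its membership listing and its manageMembers permission without any separate revocation step.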

Next…

› Continue work on the specification
› Get involved in SCIM 2.0 standardisation
› Implement to gain understanding
› Interop between federations
› Further work on architecture, cross-federation