SCIM and VOOT

The SCIM standard was created to simplify user management in the cloud by defining a schema for representing users and groups and a REST API for all the necessary CRUD operations.

VOOT is a layer on top of SCIM to exchange information about groups in federated environments.

Published in Technology, Business
Transcript

  • 1. VOOT. Andreas Åkre Solberg, UNINETT. Stockholm, April 2014
  • 2. Consumer, Service Provider, Resources; CRUD
  • 3. Typical protocol stack: HTTP, OAuth, SCIM; resources as JSON, SCIM CRUD operations, REST
  • 4. Resource types: User, Group, …
  • 5. Resource instances:
      {
        "schemas": [ "urn:scim:schemas:core:1.0" ],
        "id": "2819c223-413861904646",
        "userName": "bjensen@example.com",
        "displayName": "Babs Jensen",
        "preferredLanguage": "en_US",
        "locale": "en_US",
        "timezone": "America/Los_Angeles"
      }
      {
        "schemas": [ "urn:scim:schemas:core:1.0" ],
        "id": "e9e30dba-f08f-4109",
        "displayName": "Tour Guides"
      }
      Resource types: User, Group
      Schemas: SCIM Core User, SCIM Core Group, SCIM Core Enterprise User
  • 6. Attributes: multi-valued or single-valued; simple or complex. Types: String, Boolean, Decimal, Integer, DateTime, Binary
  • 7. SCIM Extension model › Extension Schemas › New Resource types
  • 8. VOOT as of April 2014 (work in progress)
      Built on top of SCIM 2.0.
      › Minor SCIM adjustments (needs to be sorted out)
      › Schemas for groups
      › New resource types
      › Pre-defined group types
      Todo
      › Use case and best practice
      › Architecture, federation and more
  • 9. SCIM: User * is member of * Group. Too simple group membership model.
      VOOT is extending SCIM: User, Role, Group, Group Type.
      Only one role object for each combination of user and group.
  • 10. TranslatableString
      {
        "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
        "description": {
          "en": "Second year mathematics at the university",
          "nb": "Andre årets mattekurs ved universitet"
        }
      }
      {
        "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
        "description": "Andre årets mattekurs ved universitet"
      }
      HTTP Content negotiation; ?translate=1
  • 11. Groups
      › sourceID
      › id, name and description
      › groupType (reference)
      › permissions (for current user)
      › active?
      › public?
      › time limitation (notBefore, notAfter)
      {
        "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
        "sourceID": "voot:sources:uninett:fs",
        "displayName_": {
          "en": "Course M.201 Mathematics at University of Oslo",
          "nb": "Fag M.201 Matematikk ved Universitetet i Oslo"
        },
        "description": {
          "en": "Second year mathematics at the university",
          "nb": "Andre årets mattekurs ved universitet"
        },
        "groupType": "voot:groupTypes:edu:courses",
        "notBefore": "2006-08-01T12:00:00Z",
        "groupActive": true,
        "public": true,
        "may": {
          "listMembers": true,
          "manageMembers": false
        }
      }
  • 12. Roles
      › basic role abstraction (member, admin and owner)
      › displayName
      › groupType (reference)
      › active?
      › time limitation (notBefore, notAfter)
      › Refers to both user and group
        If a user is member of a group, there exists one and only one role object for that relation.
      › Embedded in group list
      › Embedded in user list
      › Standalone
      {
        "basic": "admin",
        "displayName_": {
          "en": "Teacher",
          "nb": "Lærer"
        },
        "notBefore": "2014-01-01T12:00:00Z",
        "notAfter": "2014-08-01T12:00:00Z",
        "roleActive": true,
        "course_role": "teacher"
      }
  • 13. GroupTypes
      › Predefined list
        VOOT spec contains a set of well defined group types for higher education.
      › Dynamic support
        Clients do not need to understand group types in advance, but may want to sort groups according to type regardless.
      › Schemas
        Refers to schemas with extended attributes for both groups and roles.
      {
        "id": "voot:groupTypes:edu:courses",
        "displayName": {
          "en": "Course",
          "nb": "Fag"
        },
        "sourceID": "voot:sources:uninett:fs",
        "groupSchemas": [
          "voot:groupschemaX"
        ],
        "roleSchemas": [
          "voot:roleschemaX"
        ]
      }
  • 14. GroupTypes: harmonization / standardisation needed
      Institution (with schema that maps eduPerson affiliation), Ad-Hoc, OrgUnit, Cohort, Study, Course
  • 15. GroupTypes: Course
      Information about course is obtained from group and role resource.
      {
        "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
        "displayName_": {
          "en": "Mathematics 101"
        },
        "groupType": "voot:groupTypes:edu:courses",
        "notBefore": "2006-08-01T12:00:00Z",
        "groupActive": true,
        "public": true,
        "may": {
          "listMembers": true,
          "manageMembers": false
        }
      }
      {
        "basic": "admin",
        "displayName_": {
          "en": "Teacher",
          "nb": "Lærer"
        },
        "notBefore": "2014-01-01T12:00:00Z",
        "notAfter": "2014-08-01T12:00:00Z",
        "roleActive": true,
        "course_role": "teacher"
      }
  • 16. VOOT Protocol
      › {BASE}/me
        Information about me
      › {BASE}/me/Groups
        The groups that I am member of. Responds with a list (ResourceList) of group resources, where the role for the current user is embedded in the vootRole property.
      › {BASE}/Roles/{GROUPID}/{USERID}
        The role for a given combination of user and group.
      › {BASE}/Groups/{GROUPID}/members
        List of members of a group. Responds with a list (ResourceList) of role resources, where the user object is embedded.
      › {BASE}/Groups?search={SEARCH-TERM}
        Querying for public groups
  • 17. Next…
      › Continue work with specification
      › Involve with SCIM 2.0 standardisation
      › Implementation to get understanding
      › Interop between federations
      › Further work on architecture, cross-federation
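
A consumer-side check for the membership data described in slides 11, 12 and 16, as an added example that is not part of the original slides or the VOOT specification: it takes the group resources returned by {BASE}/me/Groups (role embedded in vootRole) and keeps only memberships whose active flags and notBefore/notAfter windows hold. The fail-closed handling, the exclusive notAfter bound and the plain-list input (the ResourceList envelope is not shown on the slides) are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timezone

BASIC_ROLES = ("member", "admin", "owner")  # basic role abstraction from slide 12

def parse_ts(ts):
    # Timestamps on the slides are ISO 8601 UTC, e.g. 2014-01-01T12:00:00Z.
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def in_window(obj, now):
    # Assumption: a missing bound means open-ended; notAfter is exclusive.
    nb, na = obj.get("notBefore"), obj.get("notAfter")
    return (nb is None or now >= parse_ts(nb)) and (na is None or now < parse_ts(na))

def effective_roles(groups, now):
    """Return {group id: basic role} for memberships that are valid at `now`."""
    roles = {}
    for group in groups:
        role, gid = group.get("vootRole"), group.get("id")
        if not isinstance(role, dict) or not isinstance(gid, str):
            continue
        # Fail closed: flags must be the JSON boolean true, not "true" or absent.
        if group.get("groupActive") is not True or role.get("roleActive") is not True:
            continue
        try:
            valid = in_window(group, now) and in_window(role, now)
        except (TypeError, ValueError):
            continue  # malformed timestamp: treat as not a member
        if valid and role.get("basic") in BASIC_ROLES:
            roles[gid] = role["basic"]
    return roles

def is_authorized(groups, group_id, allowed_basic, now):
    # Grant only if the caller holds one of the allowed basic roles right now.
    return effective_roles(groups, now).get(group_id) in allowed_basic

# Constructed sample shaped like the slides' group and role objects.
COURSE = "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24"
SAMPLE_GROUPS = [
    {"id": COURSE, "groupActive": True, "notBefore": "2006-08-01T12:00:00Z",
     "vootRole": {"basic": "admin", "roleActive": True,
                  "notBefore": "2014-01-01T12:00:00Z", "notAfter": "2014-08-01T12:00:00Z"}},
    {"id": "constructed-inactive", "groupActive": True,
     "vootRole": {"basic": "owner", "roleActive": False}},
    {"id": "constructed-badtime", "groupActive": True,
     "vootRole": {"basic": "member", "roleActive": True, "notBefore": "yesterday"}},
]
```

Evaluating at request time rather than caching the result matters here, because a role that was valid when the group list was fetched can pass its notAfter bound while a session is still open.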