VOOT
Andreas Åkre Solberg
UNINETT
Stockholm, April 2014
SCIM and VOOT

The SCIM standard was created to simplify user management in the cloud by defining a schema for representing users and groups and a REST API for all the necessary CRUD operations.

VOOT is a layer on top of SCIM to exchange information about groups in federated environments.

Published in: Technology, Business

  1. VOOT
     Andreas Åkre Solberg, UNINETT
     Stockholm, April 2014
  2. Diagram labels: Consumer; Service Provider; Resource, Resource, Resource; CRUD
  3. Typical protocol stack
     HTTP
     OAuth
     SCIM
     Resources as JSON
     SCIM CRUD operations
     REST
  4. Resource types: User, Group, …
  5. Resource instances

         {
           "schemas": [
             "urn:scim:schemas:core:1.0"
           ],
           "id": "2819c223-413861904646",
           "userName": "bjensen@example.com",
           "displayName": "Babs Jensen",
           "preferredLanguage": "en_US",
           "locale": "en_US",
           "timezone": "America/Los_Angeles"
         }

         {
           "schemas": [
             "urn:scim:schemas:core:1.0"
           ],
           "id": "e9e30dba-f08f-4109",
           "displayName": "Tour Guides"
         }

     Resource types: User, Group
     Schemas: SCIM Core User, SCIM Core Group, SCIM Core Enterprise User
  6. Attributes
     › Multi-valued / Single-valued
     › Simple / Complex
     › String, Boolean, Decimal, Integer, DateTime, Binary
  7. SCIM Extension model
     › Extension Schemas
     › New Resource types
  8. VOOT as of April 2014
     Built on top of SCIM 2.0.
     › Minor SCIM adjustments (needs to be sorted out)
     › Schemas for groups
     › New resource types
     › Pre-defined group types
     Todo
     › Use case and best practice
     › Architecture, federation and more
     Work in progress
  9. SCIM: too simple group membership model
     › User "is member of" Group (* *)
     VOOT is extending SCIM
     › User, Role, Group, Group Type
     › Only one role object for each combination of user and group
  10. TranslatableString

          {
            "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
            "description": {
              "en": "Second year mathematics at the university",
              "nb": "Andre årets mattekurs ved universitet"
            }
          }

          {
            "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
            "description": "Andre årets mattekurs ved universitet"
          }

      HTTP Content negotiation
      ?translate=1
  11. Groups
      › sourceID
      › id, name and description
      › groupType (reference)
      › permissions (for current user)
      › active?
      › public?
      › time limitation (notBefore, notAfter)

          {
            "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
            "sourceID": "voot:sources:uninett:fs",
            "displayName_": {
              "en": "Course M.201 Mathematics at University of Oslo",
              "nb": "Fag M.201 Matematikk ved Universitetet i Oslo"
            },
            "description": {
              "en": "Second year mathematics at the university",
              "nb": "Andre årets mattekurs ved universitet"
            },
            "groupType": "voot:groupTypes:edu:courses",
            "notBefore": "2006-08-01T12:00:00Z",
            "groupActive": true,
            "public": true,
            "may": {
              "listMembers": true,
              "manageMembers": false
            }
          }
  12. Roles
      › basic role abstraction (member, admin and owner)
      › displayName
      › groupType (reference)
      › active?
      › time limitation (notBefore, notAfter)
      › Refers to both user and group
        If a user is member of a group, there exists one and only one role object for that relation.
      › Embedded in group list
      › Embedded in user list
      › Standalone

          {
            "basic": "admin",
            "displayName_": {
              "en": "Teacher",
              "nb": "Lærer"
            },
            "notBefore": "2014-01-01T12:00:00Z",
            "notAfter": "2014-08-01T12:00:00Z",
            "roleActive": true,
            "course_role": "teacher"
          }
  13. GroupTypes
      › Predefined list
        The VOOT spec contains a set of well-defined group types for higher education.
      › Dynamic support
        Clients do not need to understand group types in advance, but may want to sort groups according to type regardless.
      › Schemas
        Refers to schemas with extended attributes for both groups and roles.

          {
            "id": "voot:groupTypes:edu:courses",
            "displayName": {
              "en": "Course",
              "nb": "Fag"
            },
            "sourceID": "voot:sources:uninett:fs",
            "groupSchemas": [
              "voot:groupschemaX"
            ],
            "roleSchemas": [
              "voot:roleschemaX"
            ]
          }
  14. GroupTypes
      Harmonization / standardisation needed
      › Institution (with schema that maps eduPerson affiliation)
      › Ad-Hoc
      › OrgUnit
      › Cohort
      › Study
      › Course
  15. GroupTypes: Course
      Information about course is obtained from group and role resource.

          {
            "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
            "displayName_": {
              "en": "Mathematics 101"
            },
            "groupType": "voot:groupTypes:edu:courses",
            "notBefore": "2006-08-01T12:00:00Z",
            "groupActive": true,
            "public": true,
            "may": {
              "listMembers": true,
              "manageMembers": false
            }
          }

          {
            "basic": "admin",
            "displayName_": {
              "en": "Teacher",
              "nb": "Lærer"
            },
            "notBefore": "2014-01-01T12:00:00Z",
            "notAfter": "2014-08-01T12:00:00Z",
            "roleActive": true,
            "course_role": "teacher"
          }
  16. VOOT Protocol
      › {BASE}/me
        Information about me
      › {BASE}/me/Groups
        The groups that I am member of.
        Responds with a list (ResourceList) of group resources, where the role for the current user is embedded in the vootRole property.
      › {BASE}/Roles/{GROUPID}/{USERID}
        The role for a given combination of user and group.
      › {BASE}/Groups/{GROUPID}/members
        List of members of a group.
        Responds with a list (ResourceList) of role resources, where the user object is embedded.
      › {BASE}/Groups?search={SEARCH-TERM}
        Querying for public groups
  17. Next…
      › Continue work with specification
      › Get involved in SCIM 2.0 standardisation
      › Implementation to get understanding
      › Interop between federations
      › Further work on architecture, cross-federation
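
Slides 11, 12 and 16 give groups and roles an active flag and a notBefore/notAfter time limitation, and say the caller's role arrives embedded in the vootRole property. The sketch below is an added example, not code from the presentation or the VOOT specification, showing how a consuming service could evaluate those fields before using a membership for an access decision. It assumes the window is notBefore inclusive and notAfter exclusive, that a missing bound is open, and that a missing or non-boolean active flag means inactive; the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample: the course group from the slides with the caller's role
# embedded under "vootRole", as described for {BASE}/me/Groups.
SAMPLE_GROUP = {
    "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
    "groupType": "voot:groupTypes:edu:courses",
    "notBefore": "2006-08-01T12:00:00Z",
    "groupActive": True,
    "public": True,
    "may": {"listMembers": True, "manageMembers": False},
    "vootRole": {
        "basic": "admin",
        "notBefore": "2014-01-01T12:00:00Z",
        "notAfter": "2014-08-01T12:00:00Z",
        "roleActive": True,
    },
}

BASIC_ROLES = ("member", "admin", "owner")  # basic role abstraction, slide 12


def _in_window(obj, now):
    """True if now is inside [notBefore, notAfter); a missing bound is open (assumption)."""
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    for key, ok in (("notBefore", lambda t: now >= t), ("notAfter", lambda t: now < t)):
        if key in obj:
            t = datetime.strptime(obj[key], fmt).replace(tzinfo=timezone.utc)
            if not ok(t):
                return False
    return True


def effective_role(group, now):
    """Return the caller's basic role if the membership is usable now, else None."""
    role = group.get("vootRole")
    try:
        if not isinstance(role, dict) or role.get("basic") not in BASIC_ROLES:
            return None
        # Flags must be the JSON boolean true; the string "true" does not count.
        if group.get("groupActive") is not True or role.get("roleActive") is not True:
            return None
        if not (_in_window(group, now) and _in_window(role, now)):
            return None
    except (TypeError, ValueError):
        return None  # malformed or non-string timestamp: fail closed
    return role["basic"]
```

Checking both the group and the role matters here: an expired teacher role on a still-active course group yields no role at all rather than a stale "admin".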
