SCIM and VOOT

VOOT
Andreas Åkre Solberg, UNINETT
Stockholm, April 2014


The SCIM standard was created to simplify user management in the cloud by defining a schema for representing users and groups and a REST API for all the necessary CRUD operations. VOOT is a layer on top of SCIM to exchange information about groups in federated environments.



Page 2: SCIM and VOOT

Diagram: a Consumer performs CRUD operations on the Resources held by a Service Provider.

Page 3: SCIM and VOOT

Typical protocol stack

› HTTP
› REST
› OAuth
› SCIM: resources as JSON, SCIM CRUD operations

Page 4: SCIM and VOOT

Resource types: User, Group, …

Page 5: SCIM and VOOT

Resource instances:

{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "id": "2819c223-413861904646",
  "userName": "[email protected]",
  "displayName": "Babs Jensen",
  "preferredLanguage": "en_US",
  "locale": "en_US",
  "timezone": "America/Los_Angeles"
}

{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "id": "e9e30dba-f08f-4109",
  "displayName": "Tour Guides"
}

Resource types: User, Group

Schemas: SCIM Core User, SCIM Core Group, SCIM Core Enterprise User

Page 6: SCIM and VOOT

Attributes

› Single-valued or multi-valued
› Simple or complex
› Simple types: String, Boolean, Decimal, Integer, DateTime, Binary
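The attribute model above is what a service provider has to enforce before it stores anything a consumer sends. As an added example (not code from the slides, nor from any SCIM or VOOT implementation), here is a small Python checker that applies those rules to the two resource instances from slide 5 and to a deliberately broken user. The schema tables are a hand-written subset of the SCIM core User and Group schemas, the sample e-mail address is made up, and the error-reporting format is this example's own.

```python
"""SCIM attribute-model checker (added example; not code from the slides).

Covers the attribute characteristics on slide 6: single- or multi-valued,
simple or complex, and the simple types string, boolean, decimal, integer,
dateTime and binary. Schema tables are a hand-written SUBSET of the SCIM
core User and Group schemas, constructed for this example only.
"""
import base64
import binascii
from datetime import datetime

CORE_URN = "urn:scim:schemas:core:1.0"   # the schema URN used on slide 5

def _is_datetime(v):
    # SCIM dateTime is ISO 8601; fromisoformat needs the 'Z' spelled as an offset
    if not isinstance(v, str):
        return False
    try:
        datetime.fromisoformat(v.replace("Z", "+00:00"))
        return True
    except ValueError:
        return False

def _is_binary(v):
    # SCIM binary is base64 text; validate=True rejects characters outside the alphabet
    if not isinstance(v, str):
        return False
    try:
        base64.b64decode(v, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

SIMPLE_TYPES = {
    "string": lambda v: isinstance(v, str),
    "boolean": lambda v: isinstance(v, bool),
    # bool is a subclass of int in Python, so exclude it from the numeric types
    "decimal": lambda v: isinstance(v, (int, float)) and not isinstance(v, bool),
    "integer": lambda v: isinstance(v, int) and not isinstance(v, bool),
    "dateTime": _is_datetime,
    "binary": _is_binary,
}

# name -> (type, multiValued, subAttributes); "complex" attributes carry sub-attributes
USER_SCHEMA = {name: ("string", False, None) for name in
               ("id", "userName", "displayName", "preferredLanguage", "locale", "timezone")}
USER_SCHEMA.update({
    "active": ("boolean", False, None),
    "emails": ("complex", True, {"value": ("string", False, None), "primary": ("boolean", False, None)}),
    "x509Certificates": ("complex", True, {"value": ("binary", False, None)}),
    "meta": ("complex", False, {"created": ("dateTime", False, None), "lastModified": ("dateTime", False, None)}),
})
GROUP_SCHEMA = {"id": ("string", False, None), "displayName": ("string", False, None),
                "members": ("complex", True, {"value": ("string", False, None), "display": ("string", False, None)})}

def _check_attr(path, value, spec, errors):
    atype, multi, subs = spec
    if multi:
        if not isinstance(value, list):
            errors.append(f"{path}: multi-valued attribute must be a JSON array")
            return
        for i, item in enumerate(value):          # each element is checked as single-valued
            _check_attr(f"{path}[{i}]", item, (atype, False, subs), errors)
    elif atype == "complex":
        if not isinstance(value, dict):
            errors.append(f"{path}: complex attribute must be a JSON object")
            return
        for name, sub in value.items():
            if name not in subs:
                errors.append(f"{path}.{name}: unknown sub-attribute")
            else:
                _check_attr(f"{path}.{name}", sub, subs[name], errors)
    elif not SIMPLE_TYPES[atype](value):
        errors.append(f"{path}: not a valid {atype}")

def validate(resource, schema):
    """Return the list of problems found; an empty list means the resource conforms."""
    errors = []
    schemas = resource.get("schemas")
    if not isinstance(schemas, list) or CORE_URN not in schemas:
        errors.append(f"schemas: must be an array containing {CORE_URN}")
    if not isinstance(resource.get("id"), str) or not resource["id"]:
        errors.append("id: required non-empty string")
    for name, value in resource.items():
        if name == "schemas":
            continue
        if name not in schema:
            errors.append(f"{name}: attribute not defined in the schema")
        else:
            _check_attr(name, value, schema[name], errors)
    return errors

# Constructed samples: the two instances from slide 5 (made-up address) and a broken user.
USER_OK = {"schemas": [CORE_URN], "id": "2819c223-413861904646", "userName": "bjensen@example.org",
           "displayName": "Babs Jensen", "preferredLanguage": "en_US", "locale": "en_US",
           "timezone": "America/Los_Angeles"}
GROUP_OK = {"schemas": [CORE_URN], "id": "e9e30dba-f08f-4109", "displayName": "Tour Guides"}
USER_BAD = {"schemas": ["urn:scim:schemas:core:2.0"],        # core URN missing
            "id": "2819c223-413861904646",
            "active": "yes",                                  # string where a boolean is required
            "emails": {"value": "bjensen@example.org"},       # object where an array is required
            "meta": {"created": "yesterday"},                 # not a dateTime
            "x509Certificates": [{"value": "not base64!"}]}   # not base64
```

Run `validate(USER_BAD, USER_SCHEMA)` and every line of the bad resource is reported with its attribute path; the two slide instances come back clean. Rejecting unknown attributes rather than silently storing them is the conservative choice for a provisioning endpoint.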

Page 7: SCIM and VOOT

SCIM Extension model

› Extension Schemas
› New Resource types

Page 8: SCIM and VOOT

VOOT as of April 2014

› Built on top of SCIM 2.0
› Minor SCIM adjustments (needs to be sorted out)
› Schemas for groups
› New resource types
› Pre-defined group types

Todo

› Use case and best practice
› Architecture, federation and more

Work in progress

Page 9: SCIM and VOOT

SCIM: User is member of Group (a many-to-many relation). Too simple a group membership model.

VOOT extends SCIM: User, Role, Group, GroupType. The Role sits between User and Group, and the Group refers to a GroupType.

Only one role object for each combination of user and group.

Page 10: SCIM and VOOT

TranslatableString

{
  "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
  "description": {
    "en": "Second year mathematics at the university",
    "nb": "Andre årets mattekurs ved universitet"
  }
}

{
  "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
  "description": "Andre årets mattekurs ved universitet"
}

The translated form is selected by HTTP content negotiation (Accept-Language) together with the ?translate=1 query parameter.
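The mechanics of collapsing a TranslatableString are easy to get subtly wrong (q-values, regional subtags, a client that asks for a language the resource does not have). As an added example, not code from the slides or from any VOOT implementation, the Python below resolves the resource shown above from an Accept-Language header when ?translate=1 is set. Assumptions of this example that the slides do not state: which attributes are translatable (displayName and description), and the fallback order when nothing the client asked for is available (English, then the resource's first language).

```python
"""Resolve VOOT TranslatableString values (added example; not the slides' code).

A TranslatableString is a JSON object keyed by language tag. Without
?translate=1 the object is returned as is; with it, each translatable
attribute collapses to one string chosen by content negotiation on the
Accept-Language header. Assumed here (the slides do not say): the set of
translatable attributes and the fallback order ("en", then first language).
"""
import copy
import re

TRANSLATABLE = ("displayName", "description")   # assumed translatable attributes

def parse_accept_language(header):
    """Language tags from an Accept-Language value, best first.

    Honours q-values, drops q=0 ("not acceptable") and malformed entries:
    'nb, en;q=0.8, *;q=0.1' -> ['nb', 'en', '*'].
    """
    ranked = []
    for pos, part in enumerate(header.split(",")):
        tag, _, params = part.strip().partition(";")
        tag = tag.strip().lower()
        if not tag:
            continue
        q = 1.0
        if params:
            m = re.fullmatch(r"\s*q\s*=\s*(\d(?:\.\d{1,3})?)\s*", params)
            if not m:
                continue                    # malformed parameter: ignore the entry
            q = float(m.group(1))
        if q > 0:
            ranked.append((-q, pos, tag))   # pos keeps header order among equal q
    return [tag for _, _, tag in sorted(ranked)]

def pick_language(available, preferred):
    """Choose one of the resource's languages given the client's ordered preferences."""
    by_lower = {lang.lower(): lang for lang in available}
    for want in preferred:
        if want == "*":
            break                           # wildcard: anything goes, use the fallback
        if want in by_lower:                # exact match, e.g. 'nb'
            return by_lower[want]
        base = want.split("-")[0]
        if base in by_lower:                # 'nb-NO' requested, 'nb' available
            return by_lower[base]
        for lang in available:              # 'en' requested, only 'en-US' available
            if lang.lower().startswith(base + "-"):
                return lang
    return by_lower.get("en", available[0])  # assumed fallback order

def translate_resource(resource, query, accept_language=""):
    """Apply ?translate=1 to one resource without mutating the caller's copy."""
    if query.get("translate") != "1":
        return resource                     # no translation requested: full objects
    preferred = parse_accept_language(accept_language)
    out = copy.deepcopy(resource)
    for attr in TRANSLATABLE:
        value = out.get(attr)
        if isinstance(value, dict) and value:
            out[attr] = value[pick_language(list(value), preferred)]
    return out

# Constructed copy of the resource shown on the slide.
COURSE = {
    "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
    "description": {
        "en": "Second year mathematics at the university",
        "nb": "Andre årets mattekurs ved universitet",
    },
}
```

`translate_resource(COURSE, {"translate": "1"}, "nb, en;q=0.8")` yields the Norwegian string; a request for `de` falls through to English rather than failing, and without the query parameter the caller gets the untouched object back, so a client that understands TranslatableString is never surprised by a flattened value.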

Page 11: SCIM and VOOT

Groups

{
  "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
  "sourceID": "voot:sources:uninett:fs",
  "displayName": {
    "en": "Course M.201 Mathematics at University of Oslo",
    "nb": "Fag M.201 Matematikk ved Universitetet i Oslo"
  },
  "description": {
    "en": "Second year mathematics at the university",
    "nb": "Andre årets mattekurs ved universitet"
  },
  "groupType": "voot:groupTypes:edu:courses",
  "notBefore": "2006-08-01T12:00:00Z",
  "groupActive": true,
  "public": true,
  "may": {
    "listMembers": true,
    "manageMembers": false
  }
}

› sourceID
› id, name and description
› groupType (reference)
› permissions (for current user)
› active?
› public?
› time limitation (notBefore, notAfter)

Page 12: SCIM and VOOT

Roles

{
  "basic": "admin",
  "displayName": {
    "en": "Teacher",
    "nb": "Lærer"
  },
  "notBefore": "2014-01-01T12:00:00Z",
  "notAfter": "2014-08-01T12:00:00Z",
  "roleActive": true,
  "course_role": "teacher"
}

› basic role abstraction (member, admin and owner)
› displayName
› groupType (reference)
› active?
› time limitation (notBefore, notAfter)
› Refers to both user and group

If a user is member of a group, there exists one and only one role object for that relation.

› Embedded in group list
› Embedded in user list
› Standalone

Page 13: SCIM and VOOT

GroupTypes

{
  "id": "voot:groupTypes:edu:courses",
  "displayName": {
    "en": "Course",
    "nb": "Fag"
  },
  "sourceID": "voot:sources:uninett:fs",
  "groupSchemas": [
    "voot:groupschemaX"
  ],
  "roleSchemas": [
    "voot:roleschemaX"
  ]
}

› Predefined list: the VOOT spec contains a set of well-defined group types for higher education.
› Dynamic support: clients do not need to understand group types in advance, but may want to sort groups by type regardless.
› Schemas: a group type refers to schemas with extended attributes for both groups and roles.

Page 14: SCIM and VOOT

GroupTypes

Harmonization / standardisation needed.

Example group types: Institution (with a schema that maps eduPerson affiliation), Ad-Hoc, OrgUnit, Cohort, Study, Course.

Page 15: SCIM and VOOT

GroupTypes

Information about a course is obtained from the group resource and the role resource.

Course (group resource):

{
  "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
  "displayName": {
    "en": "Mathematics 101"
  },
  "groupType": "voot:groupTypes:edu:courses",
  "notBefore": "2006-08-01T12:00:00Z",
  "groupActive": true,
  "public": true,
  "may": {
    "listMembers": true,
    "manageMembers": false
  }
}

Role resource:

{
  "basic": "admin",
  "displayName": {
    "en": "Teacher",
    "nb": "Lærer"
  },
  "notBefore": "2014-01-01T12:00:00Z",
  "notAfter": "2014-08-01T12:00:00Z",
  "roleActive": true,
  "course_role": "teacher"
}

Page 18: SCIM and VOOT

VOOT Protocol

{BASE}/me
Information about me.

{BASE}/me/Groups
The groups that I am a member of. Responds with a list (ResourceList) of group resources, where the role for the current user is embedded in the vootRole property.

{BASE}/Roles/{GROUPID}/{USERID}
The role for a given combination of user and group.

{BASE}/Groups/{GROUPID}/members
List of members of a group. Responds with a list (ResourceList) of role resources, where the user object is embedded.

{BASE}/Groups?search={SEARCH-TERM}
Querying for public groups.
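The endpoints above are only as safe as the role store behind them: the uniqueness rule from slides 9 and 12 (one role object per user/group pair), the notBefore/notAfter window, and the rule that search returns public groups only all have to be enforced on the provider side. As an added example, not the slides' code and not UNINETT's VOOT implementation, here is an in-memory Python provider that ties those together for the slide 18 paths. Everything in it is assumed for illustration: the users, groups and tokens are constructed; a dict of bearer tokens stands in for the OAuth layer of slide 3; a ResourceList is rendered as `{"totalResults": n, "Resources": [...]}`; reading another user's role is allowed only to someone who may manage the group; and handlers return an (HTTP status, JSON body) pair instead of speaking HTTP.

```python
"""In-memory VOOT provider sketch (added example; not the slides' or UNINETT's code).

Enforces the invariant from slides 9 and 12 (exactly one role object per
user/group pair, with a notBefore/notAfter validity window) behind the
endpoints of slide 18. Assumed here, not stated by the slides: bearer
tokens are looked up in a dict standing in for OAuth; a ResourceList is
{"totalResults": n, "Resources": [...]}; reading someone else's role needs
manageMembers; handlers return (http_status, json_body).
"""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse

# --- constructed sample data ---------------------------------------------
USERS = {"u-ola": {"id": "u-ola", "userName": "ola@example.org", "displayName": "Ola Nordmann"},
         "u-kari": {"id": "u-kari", "userName": "kari@example.org", "displayName": "Kari Nordmann"}}
GROUPS = {"g-m201": {"id": "g-m201", "displayName": "Course M.201 Mathematics", "public": True,
                     "groupType": "voot:groupTypes:edu:courses", "notBefore": "2006-08-01T12:00:00Z"},
          "g-adhoc": {"id": "g-adhoc", "displayName": "Exam committee", "public": False,
                      "groupType": "voot:groupTypes:adhoc"}}
TOKENS = {"tok-ola": "u-ola", "tok-kari": "u-kari"}   # stand-in for OAuth bearer tokens
NOW = datetime(2014, 4, 1, tzinfo=timezone.utc)       # the month of the talk
LATER = datetime(2014, 9, 1, tzinfo=timezone.utc)     # after the teacher role's notAfter

def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

class RoleStore:
    """Exactly one role object per (group, user); activity derives from the window."""
    def __init__(self):
        self._roles = {}

    def set(self, gid, uid, role):
        if (gid, uid) in self._roles:
            raise ValueError(f"a role already exists for {(gid, uid)}; update it, never add a second")
        self._roles[(gid, uid)] = dict(role)

    def get(self, gid, uid):
        return self._roles.get((gid, uid))

    @staticmethod
    def is_active(role, now):
        """roleActive is computed from notBefore/notAfter, never taken from the client."""
        nb, na = role.get("notBefore"), role.get("notAfter")
        return (nb is None or _ts(nb) <= now) and (na is None or now < _ts(na))

    def groups_of(self, uid):
        return [g for (g, u) in self._roles if u == uid]

    def members_of(self, gid):
        return [u for (g, u) in self._roles if g == gid]

def sample_store():
    roles = RoleStore()
    roles.set("g-m201", "u-ola", {"basic": "admin", "course_role": "teacher",
                                  "notBefore": "2014-01-01T12:00:00Z", "notAfter": "2014-08-01T12:00:00Z"})
    roles.set("g-m201", "u-kari", {"basic": "member", "course_role": "student"})
    roles.set("g-adhoc", "u-kari", {"basic": "owner"})
    return roles

def _may(roles, gid, me, now):
    """The 'may' object of slide 11: the current user's permissions, computed server-side."""
    r = roles.get(gid, me)
    active = r is not None and roles.is_active(r, now)
    return {"listMembers": active, "manageMembers": active and r["basic"] in ("admin", "owner")}

def _list(items):
    return 200, {"totalResults": len(items), "Resources": items}

def handle(url, token, roles, now=NOW):
    """Dispatch one GET against the slide-18 endpoints; returns (status, body)."""
    me = TOKENS.get(token)
    if me is None:
        return 401, {"error": "missing or unknown bearer token"}
    u = urlparse(url)
    parts, query = u.path.strip("/").split("/"), parse_qs(u.query)

    def role_view(gid, uid):
        r = roles.get(gid, uid)
        return None if r is None else {**r, "roleActive": roles.is_active(r, now)}

    def group_view(gid):
        return {**GROUPS[gid], "may": _may(roles, gid, me, now)}

    if parts == ["me"]:
        return 200, USERS[me]
    if parts == ["me", "Groups"]:               # my groups, my role embedded as vootRole
        return _list([{**group_view(g), "vootRole": role_view(g, me)} for g in roles.groups_of(me)])
    if parts == ["Groups"] and "search" in query:   # only public groups, whoever asks
        term = query["search"][0].lower()
        return _list([group_view(g) for g, grp in GROUPS.items()
                      if grp["public"] and term in grp["displayName"].lower()])
    if len(parts) == 3 and parts[1] in GROUPS:
        gid = parts[1]
        if parts[0] == "Roles":
            uid = parts[2]
            if uid != me and not _may(roles, gid, me, now)["manageMembers"]:
                return 403, {"error": "not allowed to read this role"}
            r = role_view(gid, uid)
            return (404, {"error": "no role for that user and group"}) if r is None else (200, r)
        if parts[0] == "Groups" and parts[2] == "members":   # role resources with the user embedded
            if not _may(roles, gid, me, now)["listMembers"]:
                return 403, {"error": "not allowed to list members"}
            return _list([{**role_view(gid, uid), "user": USERS[uid]} for uid in roles.members_of(gid)])
    return 404, {"error": "unknown endpoint or group"}
```

Two points are worth noting. `roleActive` and `may` are recomputed on every request from the stored window and the caller's own role, so a client cannot smuggle in a flattering value, and the teacher's `manageMembers` silently switches off once `notAfter` passes. The search path filters on `public` before it looks at the term, so a private group's name never leaks through a wildcard search, even to its own members.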

Page 19: SCIM and VOOT

Next…

› Continue work on the specification
› Get involved in SCIM 2.0 standardisation
› Implement, to gain understanding
› Interop between federations
› Further work on architecture and cross-federation