SCIM and VOOT
DESCRIPTION
The SCIM standard was created to simplify user management in the cloud by defining a schema for representing users and groups and a REST API for all the necessary CRUD operations. VOOT is a layer on top of SCIM to exchange information about groups in federated environments.
TRANSCRIPT

VOOT
Andreas Åkre Solberg
UNINETT
Stockholm, April 2014

[Diagram: Consumer and Service Provider; CRUD on Resources]

Typical protocol stack
› HTTP
› OAuth
› SCIM
› Resources as JSON
› SCIM CRUD operations
› REST

Resource types
› User
› Group
› …

Resource instances
{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "id": "2819c223-413861904646",
  "userName": "[email protected]",
  "displayName": "Babs Jensen",
  "preferredLanguage": "en_US",
  "locale": "en_US",
  "timezone": "America/Los_Angeles"
}
{
  "schemas": ["urn:scim:schemas:core:1.0"],
  "id": "e9e30dba-f08f-4109",
  "displayName": "Tour Guides"
}
Resource types: User, Group
Schemas: SCIM Core User, SCIM Core Group, SCIM Core Enterprise User

Attributes
› Single-valued or multi-valued
› Simple or complex
› Data types: String, Boolean, Decimal, Integer, DateTime, Binary

SCIM Extension model
› Extension Schemas
› New Resource types

VOOT as of April 2014
Built on top of SCIM 2.0.
› Minor SCIM adjustments (needs to be sorted out)
› Schemas for groups
› New resource types
› Pre-defined group types
Todo
› Use case and best practice
› Architecture, federation and more
Work in progress

SCIM: too simple group membership model
[Diagram: User "is member of" Group, * to *]
VOOT is extending SCIM
[Diagram: User, Role, Group, GroupType]
Only one role object for each combination of user and group

TranslatableString
{
  "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
  "description": {
    "en": "Second year mathematics at the university",
    "nb": "Andre årets mattekurs ved universitet"
  }
}
{
  "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
  "description": "Andre årets mattekurs ved universitet"
}
HTTP Content negotiation
?translate=1

Groups
› sourceID
› id, name and description
› groupType (reference)
› permissions (for current user)
› active?
› public?
› time limitation (notBefore, notAfter)
{
  "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
  "sourceID": "voot:sources:uninett:fs",
  "displayName_": {
    "en": "Course M.201 Mathematics at University of Oslo",
    "nb": "Fag M.201 Matematikk ved Universitetet i Oslo"
  },
  "description": {
    "en": "Second year mathematics at the university",
    "nb": "Andre årets mattekurs ved universitet"
  },
  "groupType": "voot:groupTypes:edu:courses",
  "notBefore": "2006-08-01T12:00:00Z",
  "groupActive": true,
  "public": true,
  "may": {
    "listMembers": true,
    "manageMembers": false
  }
}

Roles
› basic role abstraction (member, admin and owner)
› displayName
› groupType (reference)
› active?
› time limitation (notBefore, notAfter)
› Refers to both user and group
If a user is member of a group, there exists one and only one role object for that relation.
› Embedded in group list
› Embedded in user list
› Standalone
{
  "basic": "admin",
  "displayName_": {
    "en": "Teacher",
    "nb": "Lærer"
  },
  "notBefore": "2014-01-01T12:00:00Z",
  "notAfter": "2014-08-01T12:00:00Z",
  "roleActive": true,
  "course_role": "teacher"
}

GroupTypes
› Predefined list
  The VOOT spec contains a set of well-defined group types for higher education.
› Dynamic support
  Clients do not need to understand group types in advance, but may want to sort groups according to type regardless.
› Schemas
  Refers to schemas with extended attributes for both groups and roles.
{
  "id": "voot:groupTypes:edu:courses",
  "displayName": {
    "en": "Course",
    "nb": "Fag"
  },
  "sourceID": "voot:sources:uninett:fs",
  "groupSchemas": ["voot:groupschemaX"],
  "roleSchemas": ["voot:roleschemaX"]
}

GroupTypes
Harmonization / standardisation needed
› Institution (with schema that maps eduPerson affiliation)
› Ad-Hoc
› OrgUnit
› Cohort
› Study
› Course

GroupTypes: Course
Information about course is obtained from group and role resource.
{
  "id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
  "displayName_": {
    "en": "Mathematics 101"
  },
  "groupType": "voot:groupTypes:edu:courses",
  "notBefore": "2006-08-01T12:00:00Z",
  "groupActive": true,
  "public": true,
  "may": {
    "listMembers": true,
    "manageMembers": false
  }
}
{
  "basic": "admin",
  "displayName_": {
    "en": "Teacher",
    "nb": "Lærer"
  },
  "notBefore": "2014-01-01T12:00:00Z",
  "notAfter": "2014-08-01T12:00:00Z",
  "roleActive": true,
  "course_role": "teacher"
}
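
Added example (not from the slides or the VOOT specification): how a consumer might turn the group and role resources above into an authorization decision that fails closed. The ordering member < admin < owner, the rule that both resources must be active and inside their notBefore/notAfter window, and the function names are assumptions made for this sketch.

```python
from datetime import datetime, timezone

# Assumed ordering of the basic roles; the slides only list the three names.
BASIC_RANK = {"member": 1, "admin": 2, "owner": 3}

def _ts(value):
    """Parse a UTC timestamp in the form used above, e.g. 2014-01-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def in_window(resource, now):
    """True when now lies inside the optional notBefore/notAfter bounds."""
    try:
        if "notBefore" in resource and now < _ts(resource["notBefore"]):
            return False
        if "notAfter" in resource and now > _ts(resource["notAfter"]):
            return False
    except (TypeError, ValueError):
        return False  # unparseable bound: fail closed
    return True

def role_grants(group, role, required_basic, now):
    """Honour a role only if group and role are active, in date, and rank high enough."""
    # Strict identity check: the string "true" must not count as active.
    if group.get("groupActive") is not True or role.get("roleActive") is not True:
        return False
    if not (in_window(group, now) and in_window(role, now)):
        return False
    basic = role.get("basic")
    have = BASIC_RANK.get(basic, 0) if isinstance(basic, str) else 0
    need = BASIC_RANK.get(required_basic)
    return need is not None and have >= need

def may(group, action):
    """Per-user permission flag from the group's "may" object; absent means no."""
    perms = group.get("may")
    return isinstance(perms, dict) and perms.get(action) is True

# Constructed sample input, modelled on the course group and teacher role above.
GROUP = {"id": "e01eafb1-5f1c-4992-fcd5-ab0160c7ad24",
         "groupType": "voot:groupTypes:edu:courses",
         "notBefore": "2006-08-01T12:00:00Z", "groupActive": True, "public": True,
         "may": {"listMembers": True, "manageMembers": False}}
ROLE = {"basic": "admin", "notBefore": "2014-01-01T12:00:00Z",
        "notAfter": "2014-08-01T12:00:00Z", "roleActive": True,
        "course_role": "teacher"}

if __name__ == "__main__":
    now = datetime(2014, 4, 1, tzinfo=timezone.utc)  # inside the role's window
    print(role_grants(GROUP, ROLE, "admin", now), may(GROUP, "manageMembers"))
```

The same role stops granting access once notAfter has passed, even though roleActive is still true in a cached copy, which is why the time window is checked on every decision.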

VOOT Protocol

{BASE}/me
Information about me

{BASE}/me/Groups
The groups that I am a member of
Responds with a list (ResourceList) of group resources, where the role for the current user is embedded in the vootRole property.

{BASE}/Roles/{GROUPID}/{USERID}
The role for a given combination of user and group.

{BASE}/Groups/{GROUPID}/members
List of members of a group
Responds with a list (ResourceList) of role resources, where the user object is embedded.

{BASE}/Groups?search={SEARCH-TERM}
Querying for public groups

Next…
› Continue work with specification
› Involve with SCIM 2.0 standardisation
› Implementation to get understanding
› Interop between federations
› Further work on architecture, cross-federation