Skip to end of metadata
Go to start of metadata


The groups service architecture supports source data integration into the service as well as application integration for reference and use in applications.


The following diagram represents the flow of data through the groups service for reuse in applications.

Tip: click the the image to view a larger version.

Source Data Integration

Group data sources include master data in institutional systems of record as well as customer data.

Examples of master data integration include:

  • UW Person Registry
  • Student data
  • HR/Payroll data
  • ASTRA role data

Group data from these sources and others are imported into the groups service via data ETL (extract, transform, load) processes through the Groups API.

Examples of customer data integration include:

  • customer data integrated via the Groups API
  • customer data integrated via the Groups UI

Group Data Management

Groups data can be managed via the same interfaces used for integration:

  • Groups API
  • Group UI

Data management includes standard create, read, update and delete operations on groups, memberships and metadata such as access controls.

Application Integration

Applications can integrate groups through the following integration services and protocols:

  • Groups API (REST)
  • Shibboleth Identity Provider (SAML 2.0)
  • UWWI Active Directory Domain Services (Windows integration)
  • UWWI Active Directory (LDAPv3)
  • Groups Directory Service (LDAPv3)

Application Use

Groups can be referenced and used in applications that integrate with the service.

Examples include:

  • UW mailman lists can reference and synchronize with groups
  • UW web servers can reference groups for access control
  • Shibboleth Service Providers (SPs), InCommon SPs and other SAML 2.0 applications can use SAML "isMemberOf" attribute assertions released by the UW Shibboleth IDP
  • Catalyst Tools and Tegrity can reference groups for access control
  • UW Google Apps can reference groups for sharing
  • Microsoft Windows applications like Sharepoint, Exchange and Reporting Services can use UWWI Active Directory to reference groups

The overall architecture is designed to enable reuse.