IAM in Service Catalog
Status: In limited deployment, still under review for wider deployment.
C&C is incrementally extending the UW Groups Service to support new modes of group definition, more groups, and more campus organizations defining groups. The general direction is stated in the Groups Service Roadmap.
One key design component is a naming plan for groups that supports the eventual campus-wide scope of the service. It is desirable to start naming groups using a plausible scheme, even while many other aspects of the system are not yet in place. This document specifies a group naming plan for the UW Groups Service.
For design considerations in support of this plan see Group Naming Design Considerations.
For open issues / questions / concerns see Groups Service Open Issues.
1 A "netid"-type name
This plan promotes group names that are more or less in the style of UW NetIDs, email addresses, and web URLs. That is, they are relatively short; typically meaningful to humans but not full English words; and normally writable as ASCII strings without white space. Such identifiers are intended to fit in easily where these other identifiers typically are found. Note, however, that the proposed identifiers are not UW NetIDs, email addresses, or URLs/URIs, though there could be mappings to/from those forms in some cases.
2 Namespaces, stems
This plan takes the general approach of supporting hierarchical group name assignment with ownership and delegation, but permitting the tree to be as shallow or as deep as the institution desires, with a bias towards ease of assignment.
Using the terminology promoted in the Internet2 Grouper project, group namespaces are referred to as "stems" (avoiding various other overloaded terms). A stem is created for the purpose of creating and managing groups (and other stems) based on it, and to control access to these operations.
In many cases a group name is used in a context where it is understood to be a group name in the UW infrastructure space (e.g., the "require group foo" context in UW web access control), so a short form is available for these contexts. For more general contexts, a URI form is also defined so that each group has a globally unique name.
A group name is a sequence of name components, by convention written left-to-right from highest-level to lowest-level naming authority. Name components are written separated by a delimiter character.
Character set: Name components are limited to 7-bit ASCII alphanumeric characters plus two punctuation characters: "-" and "_".
Case: Names can potentially be mixed-case but by convention are normally lower-case only. Matching is bit-for-bit, i.e. case-sensitive.
Delimiter: The standard delimiter between components is the full stop, ".".
Maximum length: 64 characters, including delimiters.
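The four syntax rules above, together with the hierarchical stem model of section 2, are enough to write a small validator. The following is an added example, not code from the UW Groups Service; it assumes nothing beyond the rules stated on this page, and the names it tests ("u.rlmorgan.foo" from section 8, plus a few constructed variants) are illustrative. The security-relevant point it demonstrates is that stem authority must be checked component by component and case-sensitively: a plain string-prefix test would wrongly treat "u.rlmorganx.foo" as falling under the "u.rlmorgan" stem.

```python
import re

MAX_LENGTH = 64          # including delimiters, per the naming plan
DELIMITER = "."          # the standard component delimiter
# Components: 7-bit ASCII alphanumeric plus "-" and "_"; fullmatch also rejects
# empty components, so "a..b", ".a" and "a." are all malformed.
COMPONENT_RE = re.compile(r"[A-Za-z0-9_-]+")


def split_components(name):
    """Split a group (or stem) name into its components.

    Raises ValueError if the name violates the plan's syntax rules.
    """
    if not isinstance(name, str) or not name.isascii():
        raise ValueError("group names are 7-bit ASCII strings")
    if len(name) > MAX_LENGTH:
        raise ValueError("group name exceeds %d characters including delimiters" % MAX_LENGTH)
    components = name.split(DELIMITER)
    for component in components:
        # No white space, no other punctuation, no empty component.
        if COMPONENT_RE.fullmatch(component) is None:
            raise ValueError("invalid name component: %r" % component)
    return components


def is_valid_group_name(name):
    """True if `name` satisfies the character-set, delimiter and length rules."""
    try:
        split_components(name)
        return True
    except ValueError:
        return False


def is_under_stem(name, stem):
    """True if `name` lies strictly below `stem` in the naming hierarchy.

    The comparison is done on whole components (never on raw string prefixes)
    and bit-for-bit, so case differs are treated as different names, exactly
    as the plan's "matching is bit-for-bit" rule requires.
    """
    name_parts = split_components(name)
    stem_parts = split_components(stem)
    return len(name_parts) > len(stem_parts) and name_parts[:len(stem_parts)] == stem_parts


def is_conventional_case(name):
    """True if the name follows the lower-case convention (validity is separate)."""
    return is_valid_group_name(name) and name == name.lower()


if __name__ == "__main__":
    # Constructed sample names, including deliberately malformed ones.
    for sample in ("u.rlmorgan.foo", "u.rlmorgan foo", "u..foo", "u.RLMorgan.foo"):
        print("%-18s valid=%s under u.rlmorgan=%s" % (
            sample, is_valid_group_name(sample),
            is_valid_group_name(sample) and is_under_stem(sample, "u.rlmorgan")))
```

A "require group foo" style access-control check should use `is_under_stem` (or an exact component-wise comparison) rather than `startswith`, otherwise a group created by the owner of a different UW NetID that happens to share a prefix would be accepted as if it belonged to the intended stem.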
4 UW top-level stems
C&C (acting as institutional group naming authority) controls the top-level stem space. Top-level stems can be created as needed, based on discussion with stakeholders and establishment of clear definition and requirements. Like any stem, a top-level stem must have a well-defined naming authority to manage it.
Syntax of names under each stem can be further profiled.
5 UW NetID stem
A top-level stem:
represents the UW NetID namespace. Under this stem is a stem for each UW NetID (including personal and shared types, and mailing-list ids, but not temp or other reserved types). For example,
is a stem manageable by the person owning the personal UW NetID rlmorgan. Groups can be created under that stem as the owner of that UW NetID desires (potentially with various administrative limits on number of groups, number of members, etc).
The stem based on a shared UW NetID, e.g.:
is manageable by the owners of that shared UW NetID, or their delegates. Capability to manage groups using that stem is handled consistently with management of access to other resources available to that shared UW NetID.
5.1 Syntax of group namespace in the UW NetID stem
No further profile.
6 Academic course group stem
Academic course groups use a top-level stem:
6.1 Syntax of group namespace in the academic course stem
[ follow existing UWWI approach ... ]
7 Other possible top-level stems
A top-level stem representing affiliations (e.g. faculty, staff, student) may also be useful, e.g.
If the UWNetID-based namespace proves inadequate or problematic, additional top-level stems could be created. For example:
which might indicate groups with an origin external to the UW.
8 Representation of names as URIs
For use in URI contexts, a URI namespace is allocated:
A group URI is formed by appending the local group name to that namespace, e.g.:
would be another name for the u.rlmorgan.foo group. It would be appealing if searches on such a URI string in popular search engines resulted in a management page describing the group.