IAM in Service Catalog
This plan specifies group names that are in the style of UW NetIDs, email addresses, and web URLs. That is, they are: relatively short; typically meaningful to humans but not full English words; and normally writable as ASCII strings without white space. Such identifiers are intended to fit in easily where these other identifiers typically are found. Note, however, that the names in this plan are not themselves UW NetIDs, email addresses, or URLs/URIs; there are mappings to/from those forms in some cases.
In some important environments group names are in the same namespace as UW NetIDs. To accommodate this, group names (at least the NetID-style group names defined in this document) must be considered to be part of the larger UW NetID namespace. See UW NetID Namespace for more information.
It is a requirement that groups be able to be created (hence named) by potentially very large numbers of UW community members (over 100,000 or so). To avoid conflicts, and the need for an approval process for each proposed group name, a hierarchical naming scheme is used. This is similar to other environments where large-scale distributed naming is needed (e.g. DNS, file systems).
Using the terminology promoted in the Internet2 Grouper project, group namespaces are referred to as "stems" (avoiding various other overloaded terms). A stem is created for the purpose of creating and managing groups (and other stems) based on it, and to control access to these operations. The entity (or entities) responsible for managing a stem is a "naming authority" for that stem. A naming authority may delegate control of namespaces based on its stem to other naming authorities.
Names and URIs
In many cases a group name is used in a context where it is understood to be a group name in the UW infrastructure space (e.g., the "require group foo" context in UW web access control for Apache). A short form is available for these contexts, as described in sections 3 and 4. For more general contexts, a URI form is also defined so that each group has a globally unique name.
Group names are names in the UW NetID namespace. The syntax defined here is a profile of the Base UW NetID syntax.
A group name is a sequence of name components, by convention written left-to-right from highest-level to lowest-level naming authority. Name components are written separated by a delimiter character.
Delimiter: The delimiter between components is underscore ("_").
Maximum length: 128 octets, including delimiters.
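One way the syntax rules above and the stem delegation model could be enforced, as an added example rather than UW code: the stem names, principals, the rejection of empty components and the rule that controlling a stem covers every name beneath it are assumptions. It compares whole components, so authority over `u_dept` does not extend to `u_deptx_staff` the way a string-prefix check would allow.

```python
# Added example: names, stems and authorities below are constructed.
MAX_OCTETS = 128   # page: maximum length, delimiters included
DELIM = "_"        # page: component delimiter


def parse_group_name(name: str) -> list[str]:
    """Split a group name into components, highest-level stem first."""
    try:
        raw = name.encode("ascii")
    except UnicodeEncodeError:
        raise ValueError("group name must be ASCII") from None
    if not raw or len(raw) > MAX_OCTETS:
        raise ValueError("group name must be 1..128 octets")
    if any(ch.isspace() for ch in name):
        raise ValueError("group name must not contain white space")
    parts = name.split(DELIM)
    # Assumption: empty components (leading, trailing or doubled "_") are invalid.
    if any(p == "" for p in parts):
        raise ValueError("empty name component")
    return parts


def ancestor_stems(name: str) -> list[str]:
    """Stems a name is based on, most specific first: a_b_c -> [a_b, a]."""
    parts = parse_group_name(name)
    return [DELIM.join(parts[:i]) for i in range(len(parts) - 1, 0, -1)]


def may_create(principal: str, name: str, authorities: dict[str, set[str]]) -> bool:
    """True if principal is a naming authority for some stem the name is based on."""
    # Assumption: control of a stem covers every name beneath it.
    return any(principal in authorities.get(s, set()) for s in ancestor_stems(name))


# Constructed delegation table: stem -> naming authorities.
AUTHORITIES = {"u": {"central"}, "u_dept": {"deptadmin"}}
```

Because `ancestor_stems` never includes the name itself, the authority for `u_dept` cannot create or replace `u_dept`; only an authority for `u` can.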
4. UW top-level stems
C&C (acting as institutional group naming authority) controls the top-level stem space. Top-level stems can be created as needed, based on discussion with stakeholders and establishment of clear definition and requirements. Like any stem, a top-level stem must have a well-defined naming authority to manage it.
The syntax of groups in the academic course stem is:
[ Follow existing UWWI approach. UWWI has created a convention for this... This needs to be described syntactically to work here. ]
There may be existing practice where centrally-managed groups are named with names that do not conform to the scheme defined in sections 3 and 4. There may also be cases where applications require group names that do not conform to this plan, but it is still appealing to manage such groups centrally. In these cases exceptions may be granted. Such group names must still conform to the base UW NetID syntax. Groups named with exceptional names should still benefit from participation in group management and use operations.