IAM in Service Catalog
Using the terminology promoted in the Internet2 Grouper project, specific group namespaces are referred to as "stems". A stem is created for the purpose of creating and managing groups (and other stems) based on it, and to control access to these operations. The entity (or entities) responsible for managing a stem is a "naming authority" for that stem. A naming authority may delegate control of namespaces based on its stem to other naming authorities.
A group name is a sequence of name components, by convention written left-to-right from highest-level to lowest-level naming authority. Name components are written separated by a delimiter character.
Character set: Name components are limited to lowercase letters (a-z), digits (0-9), dash ("-"), and period (".") characters.
Delimiter: The delimiter between components is underscore ("_").
Note: group names cannot be created without a parent stem. Using the above example:
may not be created without first creating the group
UW-IT (acting as institutional group naming authority) controls the top-level stem space. Top-level stems can be created as needed, based on discussion with stakeholders and establishment of clear definition and requirements. Like any stem, a top-level stem must have a well-defined naming authority to manage it.
Groups named to support UW organizations use short organization identifiers as the component following the uw_ stem. Typically these names are used as stems for the management of potentially many groups within that organization. As a general rule names under this stem will correspond to DNS subdomains under uw.edu or washington.edu that have been delegated for organizational use. For example, if a fictional UW organization "Pavement Science" has an existing DNS subdomain "pavesci.washington.edu", then
See UW Course Groups for definitions of the above attribute types.
4.4 Unstructured stem
is established to name groups in an unstructured fashion. Typically names under this stem will be managed by central or departmental support teams rather than end-users. For example,
is a name in the unstructured stem. Names under this stem are not themselves usable as stems.
The syntax of group names under the Unstructured stem is not further constrained.
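The rules above (character set, underscore delimiter, parent stem required before a group, organization stems under uw_, and a stem whose names are never themselves stems) can be checked mechanically. The following is an added example written for this page, not code from UW-IT or the Groups Service: an in-memory registry that validates names and refuses the operations the plan forbids. The `NamingRegistry` model, the `org_stem_for_subdomain` mapping (first DNS label of a delegated uw.edu or washington.edu subdomain becomes the organization component), the authority strings, and the stem name `unstructured-stem-placeholder` are all assumptions of the example, since the page elides its own example names.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

DELIMITER = "_"                              # delimiter between name components
COMPONENT_RE = re.compile(r"[a-z0-9.-]+")    # allowed characters in one component


def split_name(name: str) -> list[str]:
    """Split a stem or group name into components, highest-level authority first.

    Raises ValueError if a component uses characters outside a-z, 0-9, '-' and '.',
    or is empty (a leading, trailing or doubled delimiter).
    """
    components = name.split(DELIMITER)
    for comp in components:
        if not COMPONENT_RE.fullmatch(comp):
            raise ValueError(
                f"component {comp!r} in {name!r} is not lowercase a-z, 0-9, '-' or '.'")
    return components


def is_valid_name(name: str) -> bool:
    """True if the name satisfies the character-set and delimiter rules."""
    try:
        split_name(name)
    except ValueError:
        return False
    return True


def parent_stem(name: str) -> Optional[str]:
    """Return the stem a name is based on, or None for a top-level stem."""
    components = split_name(name)
    if len(components) == 1:
        return None
    return DELIMITER.join(components[:-1])


def org_stem_for_subdomain(subdomain: str) -> str:
    """Assumed mapping (not stated on the page): the first label of a delegated
    uw.edu / washington.edu subdomain is the organization component under uw_."""
    host = subdomain.lower().rstrip(".")
    if not (host.endswith(".uw.edu") or host.endswith(".washington.edu")):
        raise ValueError(f"{subdomain!r} is not a subdomain of uw.edu or washington.edu")
    stem = DELIMITER.join(["uw", host.split(".")[0]])
    split_name(stem)  # the DNS label must also be a legal name component
    return stem


@dataclass
class NamingRegistry:
    """Constructed in-memory model of stems and groups, not the real Groups Service."""
    stems: dict[str, str] = field(default_factory=dict)       # stem -> naming authority
    groups: set[str] = field(default_factory=set)
    leaf_only_stems: set[str] = field(default_factory=set)    # names under these are never stems

    def _require_parent(self, name: str) -> Optional[str]:
        """Enforce 'no name without its parent stem'; returns the parent (None at top level)."""
        parent = parent_stem(name)
        if parent is not None and parent not in self.stems:
            raise ValueError(f"parent stem {parent!r} must be created before {name!r}")
        return parent

    def create_stem(self, name: str, authority: str, leaf_only: bool = False) -> str:
        parent = self._require_parent(name)
        if parent in self.leaf_only_stems:
            raise ValueError(f"names under {parent!r} are not usable as stems")
        if name in self.stems or name in self.groups:
            raise ValueError(f"{name!r} already exists")
        self.stems[name] = authority
        if leaf_only:
            self.leaf_only_stems.add(name)
        return name

    def create_group(self, name: str) -> str:
        parent = self._require_parent(name)
        if parent is None:
            raise ValueError(f"group {name!r} needs a parent stem; top-level names are stems")
        if name in self.stems or name in self.groups:
            raise ValueError(f"{name!r} already exists")
        self.groups.add(name)
        return name

    def naming_authority(self, name: str) -> str:
        """Walk up the stems to find who controls a name (the delegation chain)."""
        stem = name if name in self.stems else parent_stem(name)
        while stem is not None:
            if stem in self.stems:
                return self.stems[stem]
            stem = parent_stem(stem)
        raise KeyError(f"no naming authority found for {name!r}")


if __name__ == "__main__":
    reg = NamingRegistry()
    reg.create_stem("uw", "UW-IT")                                   # top-level stem
    reg.create_stem(org_stem_for_subdomain("pavesci.washington.edu"), "Pavement Science")
    print(reg.create_group("uw_pavesci_staff"), "->", reg.naming_authority("uw_pavesci_staff"))
    reg.create_stem("unstructured-stem-placeholder", "Central support", leaf_only=True)
    print(reg.create_group("unstructured-stem-placeholder_some.list"))
```

Creating `uw_pavesci_staff` before `uw_pavesci` exists fails in `_require_parent`, and creating a stem under the leaf-only stem fails in `create_stem`; both refusals are the plan's rules, not the registry's convenience.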
There may be existing practice where centrally-managed groups are named with names that do not conform to the scheme defined in sections 3 and 4. There may also be cases where applications require group names that do not conform to this plan, but it is still appealing to manage such groups centrally. In these cases exceptions may be granted. Such group names must still conform to the base UW NetID syntax. Groups named with exceptional names should still benefit from participation in group management and use operations. Such names do not participate in the hierarchical naming scheme, however; that is they are not used as stems. For example:
Note: Changes affecting the use or deployment of the naming plan are recorded here. Editorial changes or clarifications need not be recorded here.
RL "Bob" Morgan: Change section 4.1 to remove application UW NetIDs, clarify examples; change section 4.2 to make examples more generic.
RL "Bob" Morgan: Change section 4.2 to include support for organization names under the uw_ stem.
RL "Bob" Morgan: Change section 4.1 (UW NetID Stem) to indicate that admin netids can have these groups, but mailing list names cannot.