>> GroupSpace
Status | Synopsis | Documents | History

Status
In design.

Synopsis
The demand for customized groups of persons has been increasing as the number of "restricted" on-line applications has been increasing across campus. While AcIS can provide limited sets of demographic information based on information feeds, the expense in time and resources for adding additional demographic information limits the ability to respond to smaller requests.

Two distinct needs have been identified:

  1. Interoperability of application dependent groups.
    Applications such as portals, CourseWorks, and CubMail allow the definition of groups of users to facilitate various functions within the application, such as the generation of email lists or access controls. However, a group defined in one system is not available to any other system, which provides a poor user experience when the same group must be defined once in each location.

  2. Restricted disclosure of information to third parties.
    More and more, various holders of information are contracting with third parties to provide service to their community. For purposes of privacy and accuracy, it is desirable to disclose as little information about the members of the community via a static method as possible. By utilizing a central group repository as a proxy, demographic information can be provided at authentication time via existing proxy mechanisms such as WIND.

Currently, the Cunix group command offers much of the desired functionality, especially as group memberships are reflected into the directory server, however it lacks an API and publishing updates currently must wait until overnight to be reflected outside of Cunix.

  • GroupSpace will provide a standardized API to facilitate automated or bulk loads.
  • GroupSpace will offer an interactive frontend (implemented over the API) for simple edits.
  • The creator of a group will control the attributes of that group, including who is permitted to view or edit the list of members.
  • The owner of an application (for groups created within an application environment) will be permitted to override controls on groups created within that application, or will be able to enforce attributes for all groups created within.
  • GroupSpace will publish group information via commonly accessible methods.
Issues to be addressed:
  • Establishment of namespaces (who can request them, whether or not approval is required)
  • Group hierarchies (derived groups, subgroups, etc).
  • How data is published and access restricted (separate LDAP tree, interoperability with affiliation attribute).

Documents

History
25 September 2002: Initial planning began.