...
The IPS mission on the Teamspaces project is to take the baseline Clearspace product and determine that it integrates into the MIT environment with an acceptable level of simplicity. It needs to run in the hosting environments that MIT provides to departments, it needs to integrate with user and group data, and it needs to work with all our existing authorization and authentication mechanisms. It must be an application that IPS has the skills to assist other developers in implementing.
Backlog
- Real Time Updates
- An end user must go to an external system (Moira, Accounts, Touchstone, Stellar) to administer users, groups, and other facets of enterprise identity.
- When an end user updates a system of record (Moira, Touchstone), that change is reflected by the LDAP query, and therefore client applications, in the Clearspace installation in real time.
- Include external users
- Include external users in groups and get their attributes (from CAMS?)
- The team must follow all existing business rules for users, group membership, status, etc. This project will not attempt to "fix" any business logic or processes related to managing user identity, other than providing a clean, real-time connection to identity information for client applications.
- A developer must integrate with Touchstone; IPS must be able to provide ongoing support to other developers for integrating Clearspace installations with Touchstone.
- A developer must integrate with Moira for access control lists; IPS must be able to provide ongoing support to other developers for integrating Clearspace installations with Moira groups.
- A development team must be able to run Clearspace on a Server-Operations hosted environment.
- IPS must be able to install and run Clearspace on JVM and web-application server environments that match our global standards.
- OIS will provide operational support of the Teamspaces implementation of Clearspace, therefore the MIT-customized version must be delivered as a clean install package or simple runbook, properly versioned and managed.
- A collaboration platform must allow for inclusion of members external to MIT. External identities must be derived from Touchstone CAMS (possibly in combination with other sources), not stored in a local Clearspace installation.
- OIS must be assured that a Clearspace installation does not require that we feed, or shadow, data from enterprise identity systems into a local Clearspace data store.
- An end user must be able to use a "private" or "hidden" group list for access control. This means that even when Clearspace does not have access to the whole member list, it should still be able to determine if the authenticated user is in a private group, via a TRUE/FALSE mechanism.
- Example:
- No replication of user or group data.
- This LDAP implementation will be a facade that appears to be an LDAP database but, in fact, fronts for proprietary interfaces without another LDAP data store.
- In its final state, mapldap.mit.edu will have no data store.
- Finite integration context
- We are providing LDAP connectors to more efficiently use off-the-shelf products within ISDA.
- Requirements will continue to be derived based on Clearspace, Confluence, Alfresco, and Stellar, only.
- A generic, reusable nature is a good goal but there is no requirement to design with intent to provide a community-wide service.
- A developer accesses LDAP connectors without needing to understand the local Moira internals about proxies.
- A system that calls the LDAP connector does not have to pass a Moira proxy along, unless standard LDAP provides an analogous metaphor.
- A client application sends a user ID and a group and the system returns a positive or negative result about whether the user is in the specific group or not.
- This works for groups where the developer or client application is not allowed to list every member of the group.
- A client application sends a user ID and a group and the system returns an enumeration of that group's membership, subject to who the user is and the group's privacy attributes in the system of record (e.g. Moira's 'visible'/'hidden' attributes).
- Example: A client application sends a user ID (presumably the currently authenticated user) and the system returns the groups that user belongs to.
- Example: A client application is able to get all MIT users and their group affiliation, including all non-MIT/guest accounts and all affiliations and statuses.
- An outside developer will not have to understand the nuances of Moira proxies to implement Clearspace. Either the method of integration makes this unnecessary, or the solution is scalable enough that IPS can support developers in setting this up.
- IPS can work on new ID web services, notably to Touchstone, if required.
- IPS performs enterprise hosting and enterprise ID integration work. Courseware integration is out of scope for Developer Support, and the CCS team must provide the integration from Teamspaces to Stellar. This is a local implementation detail and not related to evaluating the platform for global use.
- The Application Administrators must run LDAP on existing systems.
- No new systems are requisitioned for this release.
- They can use the existing web-services hosting environment, the existing console/instrumentation system, and others.
- The timelines for Touchstone external users are the only dependency.
- An end user must go to an external system (Moira, Accounts, Touchstone, Stellar) to administer users.
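The two connector behaviours the backlog asks for, the TRUE/FALSE membership check that works even for private groups, and enumeration that is subject to the requesting user and the group's visible/hidden attribute in the system of record, modelled in plain Python as an added example. This is not code from the page or from any IPS/MIT system: the class and method names (GroupFacade, is_member, list_members, groups_for_user), the sample groups standing in for Moira, and the rule that members of a hidden group may enumerate it while non-members may not are all assumptions of this example.

```python
"""Toy model of the Teamspaces LDAP facade's group queries (added example).

Assumptions not stated on the page:
  - each group record carries a 'visible' flag mirroring a Moira-style
    visible/hidden attribute;
  - members of a hidden group may enumerate it, non-members may not;
  - the facade keeps no data of its own: every call goes to the backend
    (the "no replication" requirement).
"""
from __future__ import annotations

from dataclasses import dataclass


class NotAuthorized(Exception):
    """Raised when the requester may not see the answer to a query."""


@dataclass(frozen=True)
class Group:
    name: str
    visible: bool
    members: frozenset[str]


# Constructed sample data standing in for the system of record (Moira).
SYSTEM_OF_RECORD: dict[str, Group] = {
    "teamspaces-devs": Group("teamspaces-devs", True, frozenset({"alice", "bob"})),
    "audit-committee": Group("audit-committee", False, frozenset({"alice", "carol"})),
}


class GroupFacade:
    """Stateless front for a backend; holds no copy of user or group data."""

    def __init__(self, backend: dict[str, Group]) -> None:
        self._backend = backend

    def is_member(self, user: str, group_name: str) -> bool:
        """TRUE/FALSE check. Works for hidden groups because no member list
        is ever returned; an unknown group simply answers False so the
        caller learns nothing about whether the group exists."""
        group = self._backend.get(group_name)
        return group is not None and user in group.members

    def list_members(self, requester: str, group_name: str) -> list[str]:
        """Enumerate a group subject to the requester and the group's
        privacy attribute. Unknown groups and hidden groups the requester
        is not in raise the same error, so a denial does not reveal
        whether a hidden group exists."""
        group = self._backend.get(group_name)
        if group is None or (not group.visible and requester not in group.members):
            raise NotAuthorized(f"{requester!r} may not enumerate {group_name!r}")
        return sorted(group.members)

    def groups_for_user(self, user: str) -> list[str]:
        """Groups the given (presumably authenticated) user belongs to,
        including hidden ones, since a user may learn their own memberships."""
        return sorted(g.name for g in self._backend.values() if user in g.members)


if __name__ == "__main__":
    facade = GroupFacade(SYSTEM_OF_RECORD)
    print("bob in audit-committee:", facade.is_member("bob", "audit-committee"))
    print("alice's groups:", facade.groups_for_user("alice"))
    try:
        facade.list_members("bob", "audit-committee")
    except NotAuthorized as exc:
        print("denied:", exc)
```

The point a client application should take from this: access control decisions can be made with `is_member` alone, which never exposes a member list, so a Clearspace integration can protect content with a hidden Moira list without ever being entitled to read that list. `list_members` is the privileged path, and it fails identically for "hidden and not yours" and "does not exist".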