I love the open attitude at UiO, they share their projects and plans and work online.  The last thing I looked at from them was a brief investigation of the work they have done on group management, and how the group provisioning tools interact with their campus identity management system.

UiO has done work on group management (dubbed WebID, formerly known as VirtHome), and their current group profile holds information about

  • The name of the group (cn, mandatory)
  • Description of the group (description, mandatory)
  • Members of the group (uid or eduPersonPrincipalName, mandatory)

Each user is registered with group relevant information

  • Group membership (member)  DN for the all the groups the user is member of.
  • username (uid, mandatory) Must be unique within the group management tool
  • Full name (cn)  Using cn for full name of a person is a choice made, and non-federated users will not necessarily have this attribute with high data quality.  Federated users may have cn populated by something else but their name.  Tags are used to distinguish federated users from accounts local to the group management.
  • Last name (sn).  Tags are used to distinguish federated users from accounts local to the group management.
  • Given name (givenName). Tags are used to distinguish federated users from accounts local to the group management.
  • Preferred name (displayName)
  • email (email, mandatory)
  • Password (userPassword) Encrypted password for the user, not relevant for federated users.
Advertisements