1. Grouproles at RUC Course enrollment based on composite grouproles in external groups

2. Overview How do we integrate? Why using groups and roles? Overview of slides: Use Cases presentation Technical infrastructure Group-roles and Portalino Sakai and Providers

3. - Step Two: Ask for groups for group - Step One: Ask for groups for user Access Maintain - Step Three: Find intersection Access Maintain Using LDAP as middle ground for expressing memberships.

4. Using Group-Roles Group-Roles pairs expresses membership of a given group real-world binding to a specific role Role Mapping depends on context of group-role

5. Scenario: Use Cases and Setting Uses Cases are diverse For teachers: Sakai is voluntarily Support is face2face For students: Teacher chooses Sakai Support is by mail

6. Other uses of Sakai Research teams Special Interest Groups Commitees Organizational Units Student Project Groups

7. Group Management User Directory implemented 10y ago Fully implemented as primary directory New Group-Role database in roll-out Designed and coded 2y ago Continuously pushed as primary directory Still in redesign process

8. Infrastructure LDAP as directory protocol User Directory as regular LDAP Group Directory as meta-LDAP Yale CAS as SingleSignOn (SSO) Zero-Effort Cassification

9. LDAP Development Custom LDAP Schema Strands organize information Highly Agile presentation layer

10. CAS Development Rewritten Yale CAS 2.10 Integrated in all Internet Services campus wireless (Blue Socket) Redirects login

11. No CAS (OOTB LDAP provider)

12. Yale CAS 2.0 unmodified

13. Zero-Effort Cassification

14. GroupRole Database Memberships in groups formal, informal, and ad hoc for mail-lists,courses, ACLs informative, no business logic nested membership in development

15. DK.RUC.ALFA displayName: Sample at Alpha Faculty DK.RUC.ALFA-FACULTY Ms. Andrews, Ms. Brown DK.RUC.ALFA.SMPL-STUDENT Cindy DK.RUC.ALFA.SMPL.FALL2006.101 displayName: “SAMPLE 101, FALL 2006” DK.RUC.ALFA.SMPL.FALL2006.101-TEACHER Ms. Andrews DK.RUC.ALFA.SMPL.FALL2006.101-ENROLLED Cindy Diana, enlisted: “Beta Faculty” Resembles reverse DNS separated Role appended for users suffix Attributes: on groups, e.g.. display name on users, e.g.. guest status

16. Portalino Light-weight Portal Online bookmarks Some links are pushed to users Everything else is user-land

17. Portalino, Screenshot

18. Integration Wireless defaults to Portalino Links to all services from Portalino Current courses linked directly Archived courses can be hidden

19. Sakai at Roskilde University

20. Roadmap November 2004, Sakai 1.0 in Pilot Manual group administration September 2005, Sakai 2.0 in Production Webservice synching July, 2006 Sakai 2.2 in Production Webservice synching with Group Providers

21. User base and staffing Potential user-base: 8.100 students 1324 staff (also part time) Actual users: 1217 unique session_user Staffing: 1 project leader, 3 admin/devs approx. 1-2 man years

22. The Group Provider How it should work How it works What we wanted

23. Standard provided groups

24. String getRole(id, user) Map getUserRolesForGroup(id) Map getGroupRolesForUser(userId) String[] unpackId(id) getGroupRolesForUser when generating sites getRole at entry in site getUserRolesForGroup at emails, list of participants unpackId - ?

25. String getRole(id, user) Map getUserRolesForGroup(id) Map getGroupRolesForUser(userId) String[] unpackId(id) getGroupRolesForUser at login, data cached getRole never! (worksite setup) getUserRolesForGroup at emails, list of participants unpackId - not necessary