Child pages
  • November 15, 2019 - Group Management Next Steps



  • Review of use cases
    • XSEDE researchers and developers need the following specific features from candidates.

      • HIGH priority: Can authenticated users manually create groups? (GRP-02)

      • HIGH priority: Can authenticated users manually view and manage the configuration of groups (subject to access control)? (GRP-03)

      • MEDIUM priority: Can a group’s owner or administrators (subject to access control) invite others to a group? (GRP-05)

      • MEDIUM priority: Can authorized users request membership in a group (subject to access control)? (GRP-06)

      • LOW priority: Does the group service or tool offer a mechanism to synchronize a group with a group defined in another well-known group database? (GRP-09)

      • MEDIUM priority: Does the group service or tool provide an API that allows registered application/gateway developers to access and/or manage a group’s configuration, subject to access control? (GRP-10)

    • In order to work within the XSEDE system environment, the following integration features also need to be supported by candidates.

      • HIGH priority: Does the candidate support OAuth/OIDC-based user authentication and can it be configured to use XSEDE’s OAuth/OIDC authentication service?

      • HIGH priority: Can the candidate provide usage data as described in our CAN-5 design doc?

      • MEDIUM priority: Will XSEDE be able to supply tool/service information/descriptions as described in CAN-7,8,11,12?   (Should be YES for all candidates.) 

  • Review of initial evaluation
  • Review of in-depth evaluations
    • Globus Groups
    • CoManage
      • Options are to have CILogon host it (requires extending subscription for $20K/year) or have Sysops operate our own (it's open source)
      • Supports all use cases above.  API mostly for admin access.  For main user access, recommend using LDAP.  For users that care about REST APIs, there is SCIM.
      • For XSEDE integration
        • XSEDE OAuth/OIDC support?  Yes on OAuth/OIDC but would need to do some work to get it integrated with Globus Auth
        • For usage data? Yes
        • Able to publish to Info services? Yes
      • Services integrated with CoManage
        • mailman — important

        • any LDAP-compatible service (Jira, Confluence) — important

        • MediaWiki

        • Jim Basney will see if more

      • Also used by LIGO, and OSG just signed on too
    • Google Groups
      • Best contender as far as basic use cases go, but would fall short on usage data, and identity management integration could be tricky.
    • Confluence Groups
      • Not a contender since it is admin only
    • Indigo IAM Groups
      • Not a contender since it is admin only
    • AWS IAM
      • Not originally in our evaluation but came up during call.  Provides similar functionality and probably integrated already with several services but would need to investigate further to determine how much work it would be.  CoManage's adoption by LIGO and OSG is an important consideration.
  • Next Steps
    • Proceed to design review on COManage
    • Galen Arnold and Peter Enstrom will provide an executive summary of their evaluations and this call.