...
- We want to have full control over the UI (hence a custom approach using GWT instead of GoogleSites), but link to the relevant GoogleDocs and GoogleGroups and use the GoogleDocs UI and GoogleGroups UI when folks are interacting with those resources.
Analysis
There are just four components that need to perform authentication. (The others delegate authentication to the registry.) They are listed here, along with authentication options:
...
- Employ Atlassian Crowd as the administration console for user authentication.
Open Questions
- Are Atlassian Crowd's pricing, license models, and hosting options acceptable for our purposes? Do they prohibit integrating with NextBio?
(Note: Atlassian doesn't host Crowd; rather, we download and host it ourselves. It's an Apache Tomcat application, with a variety of choices for databases.)
- What other SAML or OpenID identity provider (IdP) tools (providing UIs and/or aggregating other IdPs) are there?
- Can Google Apps and Google Groups use OpenID (instead of SAML) for authentication?
NO. They will authenticate third-party apps via OpenID, but they do not delegate authentication via OpenID.
- Do we want to use Google Apps to see content we host elsewhere, or will Google Apps be the only place that docs are stored in this 'sprint'?
- Can "Google Group" membership be managed by an external authentication mechanism? (If not, then the Google Provisioning API can create accounts for them in our domain. A backup alternative might be to use GMail + a group alias rather than Google Groups for threaded discussions.) YES, it's part of the Google Apps delegation, see below.
- If we are doing "arm's length" integration with Google Apps, then what other providers should we plan for?
- Do we need 'audit logs', e.g. to show when users were added/removed and by whom?
Pivotal assumptions/questions (i.e. that can substantially change the design)
- Does a Google Doc created outside of the domain need to be shareable with a group in the domain?
- Do new users need to be given immediate access to the platform (without an admin in the loop)?
Experiment to address key questions
...