The following information is intended to help guide the deliverable/s of the various subcommittees but should in no way constrain the outcomes of the groups.
Group Name: Access Management Subcommittee
Date
9/16/2011
Purpose of Group
Determine the requirements for an Access Management solution, perform a gap analysis of existing open source and commercial solutions and make a final recommendation to the OSIdM4HE group.
Gap Analysis
Glossary of Terms
Term | Definition |
---|---|
Requirements/Principles of the Chunk/Module
Groups Requirements
What follows are requirements related to the groups portion of an Access Management solution
Requirement ID | Requirement Source | Requirement Description |
---|---|---|
GRP_0100 | PSU | The groups system shall support the establishment and maintenance of standing groups based on data from System(s) of Record (SoR). |
GRP_0110 | PSU | The groups system shall support the establishment and maintenance of student class groups. |
GRP_0120 | PSU | The groups system shall provide a delegated groups management function. |
GRP_0130 | PSU | The groups system shall provide an API and web service interfaces for accessing group information. |
GRP_0140 | PSU | The groups system shall support the publishing of groups information to other systems (LDAP, Active Directory, and so on). |
GRP_0150 | PSU | The groups system shall support the creation, modification and/or deletion of groups and/or membership. |
GRP_0160 | PSU | The groups system shall support the construction of dynamic groups. |
GRP_0170 | PSU | The groups system shall support nested groups. |
GRP_0180 | PSU | The groups system shall support groups that have an effective and/or expiration date. |
GRP_0190 | PSU | The groups system shall provide an end-user user interface for the management of groups. |
GRP_0200 | PSU | The groups system shall provide an auditing facility for all changes to groups/memberships. |
GRP_0210 | PSU | The groups system shall provide a notification facility that users/systems can subscribe to for group changes. |
GRP_0220 | PSU | The groups system shall allow for attributes to be associated with a group (metadata). |
GRP_0230 | PSU | The groups system shall support the construction of a group from the members of other group(s) (group math). |
Roles Requirements
What follows are requirements related to the roles portion of an Access Management solution
Requirement ID | Requirement Source | Requirement Description |
---|---|---|
ROL_0100 | PSU | The roles system shall provide a facility for the management of roles. |
ROL_0110 | PSU | The roles system shall support three types of roles: basic, assigner (assigns users to roles) and stewards (assigns assigners to roles). |
ROL_0120 | PSU | The roles system shall provide an API and/or Web Services to access its facility. |
ROL_0130 | PSU | The roles system shall support the creation, modification and deletion of roles. |
ROL_0140 | PSU | The roles system shall support effective and expiration dates for a role. |
ROL_0150 | PSU | The roles system shall support permissions and/or limits associated with a role. |
ROL_0160 | PSU | The roles system shall support the publishing of role information to other sources, for example LDAP. |
ROL_0170 | PSU | The roles system shall support the concept of a role proxy where a person is given access for a limited period of time. |
ROL_0180 | PSU | The roles system shall support a hierarchy of roles, which enables the reuse of roles. |
Attributes Requirements
What follows are requirements related to the attributes portion of an Access Management solution
Requirement ID | Requirement Source | Requirement Description |
---|---|---|
ATT_0100 | PSU | The system shall provide an attribute service. Attributes can either be single-valued or multi-valued. |
ATT_0110 | PSU | The system shall support public and sensitive (limited access) attributes. |
Service Registry Requirements
What follows are requirements related to the service registry portion of an Access Management solution
Requirement ID | Requirement Source | Requirement Description |
---|---|---|
User Interface Requirements
What follows are requirements related to the user interface portion of an Access Management solution
Requirement ID | Requirement Source | Requirement Description |
---|---|---|
Enterprise Requirements
What follows are requirements related to the enterprise aspect of an Access Management solution
Requirement ID | Requirement Source | Requirement Description |
---|---|---|
Scope
- Groups
- Roles
- Attributes
- Enterprise
Project Definition
- Resources Needed, Outcome Expected, Timeline