The questions around Collaboration Management Platform interoperation
What needs to be shared between diverse CMP to have them interoperate? What specific attributes or metadata must be shared (if anything) for different CMP platforms to converse? What are the anchor identifiers?
Grouper Group sync as an example/use case
- You can link up one group from one Grouper with a group in another Grouper. This uses Grouper Web Services.
- This can be push (cron), pull (cron), or incremental (means push cron and real time diffs)
- One Grouper needs WS credentials and privileges to read or update a group in another grouper.
- You need to configure how subject sources in one grouper “map” to subject sources in another grouper. i.e. in one grouper, you have an identifier attribute in the subject source (e.g. eppn, but could be anything), which maps to the subject API id or identifier in the other Grouper
- If the subject does not exist in the other Grouper, you can optionally configure “addSubjectIfNotExist”, so that a call is triggered to the Grouper External Subject interface to create that external subject. This is either built-in in the Grouper DB, or a customization to however external subjects are managed at the institution. Note that customization could be a notification for someone or something to process the new user.
- If there are other attributes required to use the service (e.g. email address), that needs to be self-managed by the user (e.g. in the case of Grouper External Subjects module), or however that is managed at the institution. If it is a pull type sync, then that attribute might be available via Grouper WS (depending on security).
Shibboleth as an example/use case