Page Properties | |
---|---|
Project Title | Campus API Gateway |
Target Release | |
Epic | |
Document Status | |
Document Owner | |
Document Sign-Off | |
Subject Matter Expert(s) | |
Technical Expert(s) | |
...
- An easy way to sign into the Developer Portal
- Preferably you would be able to sign in using the Campus SSO solution
- If possible, the ability to create a Campus IdM Team Account at the time of registration with the Developer Portal
- An easy way for Teams of Developers to manage Groups of Applications
- An easy way to associate API Gateway Applications with Campus IdM Service Accounts for use with OAuth Authentication
- If possible, the ability to create a Campus IdM Service Account at the time of registering an Application
- If possible, the ability to delete a Campus IdM Service Account at the time of Application removal
- An easy way to pass in an Apigee Client ID to an attribute on a Campus IdM Service Account
Out of Scope
Assumptions
- Campus IdM will support Application Accounts (Service Accounts).
- Application Accounts (Service Accounts) Description from UCSB isDesk (ETSC RITM0023638):
2018-05-25 10:06:09 - Laurie Branagan (Additional comments) App accounts were created to allow for programmatic access to the directory without embedding a person's credentials in the application. They were not scoped to be used for authorization beyond access to the directory. It's understood this utility is somewhat limited. If what you're requesting is non-person entities in the directory - That feature is on the roadmap document that the Identity Advisory Group drafted last year. It has not been implemented.
- We will eventually integrate Developer Portal logins with Campus SSO.
Current System
Ticket(s) | Title | User Story | Future Plan | Notes |
---|
| Apigee Developer Account | As an Application Developer, I would like to sign into the Developer Portal using an email address that is shared by a development team on campus (ends in @*.ucsb.edu) | | This is the way the system currently works. We would like to move away from this.
- Currently the system has no way of sharing access to Applications between multiple logins, so you need to create a "shared" login to be able to do that. We call these functional accounts.
- These are used to register actual applications so they can be maintained by a team of people.
- These accounts must be created using shared email addresses ending in @*.ucsb.edu.
- The passwords for these are only usable in the Developer Portal. The password will not be stored anywhere or retrievable after creation.
- It is a requirement that the person who created the password must store and share the password safely with their team.
- There is a way to reset a password.
|
| Apigee Application Account | As an Application Developer, I would like to Register an Application with the account I logged in with. | | This is the way the system currently works. We would like to move away from this.
- Applications are only visible to the Developer Account that created them.
- Applications can be created and deleted by the Developer Account through the Developer Portal at any time.
- Currently, when the system creates an Application, it also generates a unique `client_id` as the identifier.
- All permissions to Apigee APIs are granted based upon the internal `client_id`.
- For OAuth to work, the `client_id` will need to be set as an attribute on a Service Account record in our Campus Id system.
|
| Third Party Company Account | As a Third Party Company, if a department requires I use the Campus API Gateway to retrieve data then I need to be able to create an account within the Developer Portal. | | Currently, this is the same as the Apigee Developer Account story. |
Apigee Product Suite Architecture & Current System Workflow
...
APIgee TEAMS (status: Yellow) is where Apigee implements
Team Accounts. They donTeams; where Developers can belong to Teams and Teams can own Application. Apigee doesn't have this on their roadmap; and it's very unlikely to happen.
...