...
- An easy way to sign into the Developer Portal
- Preferably you would be able to sign in using the Campus SSO solution
- If possible, the ability to create a Campus IdM Team Account at the time of registration with the Developer Portal
- An easy way for Teams of Developers to manage Groups of Applications
- An easy way to associate API Gateway Applications with Campus IdM Service Accounts for use with OAuth Authentication
- If possible, the ability to create a Campus IdM Service Account at the time of registering an Application
- If possible, the ability to delete a Campus IdM Service Account at the time of Application removal
- An easy way to pass in an Apigee Client ID to an attribute on a Campus IdM Service Account
Out of Scope
Assumptions
- Campus IdM will support Application Accounts (Service Accounts).
- Application Accounts (Service Accounts) Description from UCSB isDesk (ETSC RITM0023638):
2018-05-25 10:06:09 - Laurie Branagan (Additional comments) App accounts were created to allow for programmatic access to the directory without embedding a person's credentials in the application. They were not scoped to be used for authorization beyond access to the directory. It's understood this utility is somewhat limited. If what you're requesting is non-person entities in the directory - That feature is on the roadmap document that the Identity Advisory Group drafted last year. It has not been implemented.
- We will eventually integrate Developer Portal logins with Campus SSO.
...
| Ticket(s) | Title | User Story | Priority | Notes |
|---|---|---|---|---|
| | Campus Service Accounts | As an Application Developer, I need the Campus to have the ability to create Service Accounts for my Applications. | | Just noting that we would like for the Campus IdM System to support Service Accounts |
| | Register Application (Campus Service Account) | As an Application Developer, I would like to Register an Application with a UCSB Net ID Service Account which will belong to the currently logged-in account. | | This is needed in all scenarios. |
| | Campus Service Account Creation in Developer Portal | As an Application Developer, I would like to manage UCSB Service Accounts that I create through the Developer Portal. | | |
| | SSO Enabled Individual Account Login (Proof-of-Concept Work) | As an Application Developer, I would like to sign in using my UCSB Net ID and password in order to do Proof of Concept work. | | This is an edge case, not the main use case. |
| | SSO Enabled Campus Team Accounts | As an Application Developer, I need the Campus to have the ability to create Team Accounts for my Development Team. | | Just noting that we would like for the Campus IdM System to support Team Accounts |
| | SSO Enabled Team Account Login | As an Application Developer, I would like to sign in using my Team's UCSB Net ID and password in order to work on our Applications. | | Same as the SSO Enabled Individual Account Login (Proof-of-Concept Work) story, but logging in using the Campus IdM Team Account. |
| | SSO Enabled Register Application | As an Application Developer, I would like to Register an Application with a UCSB Net ID Service Account which will belong to the Campus Developer Team. | | Same as the Register Application (Campus Service Account) story, but associated with a Team instead of an Individual. |
| | Individual Accounts | As an Application Developer, I would like the Developer Portal to know what teams I belong to. | | This would require the Apigee Product Suite to implement a Teams functionality. |
| | Apigee | As an Application Developer, I would like to sign into the Developer Portal using my UCSB Net ID and Password. | | This would require the Apigee Product Suite to implement a Teams functionality. Status: APIgee TEAMS |
| | Register Application (Campus Service Account) | As an Application Developer, I would like to Register an Application using a UCSB Service Account with a Development Team. | | This would require the Apigee Product Suite to implement a Teams functionality. Status: APIgee TEAMS |
| | Third Party Company Account | As a Third Party Company, if a department requires I use the Campus API Gateway to retrieve data then I need to be able to create an account within the Developer Portal. | | |
User Interaction, Design & Architecture
CAS Login and Account Creation Login w/ CAS (WebSequenceDiagram Link)
Simple SSO and Service Account Association App Registration and Creation (WebSequenceDiagram Link)
- SSO through CAS Sequence Diagram (CAS Documentation Link)
- Prerequisites
- Service Accounts have to be in CAS
- Service Account
Campus IdM Team SSO and Service Account OAuth Association (WebSequenceDiagram Link)
- Maybe
Simple SSO with Apigee Teams and Service Account Association (WebSequenceDiagram Link)
- The Apigee Team claimed they have something like this in the Roadmap, but it really didn't sound right. It sounded like they were talking about something that used the term "Group" but didn't have to do with grouping Developers together.
- If we did this, the Campus API Team would have to develop it from the ground up, so it would probably never happen.
...
Examples and References
Questions
Below is a list of questions to be addressed as a result of this requirements document:
...