COIP sprint week 8-9

We are finishing a two-week sprint on COIP that has resulted in many improvements. Notable changes:

  • The permissions framework for groups has seen a lot of work. This includes the ability to limit group "visibility" to groups of service providers. This is accomplished by allowing groups to consist of both services and users. This also allows group owners to have control of account linking so that (for instance) a group is only visible if you log in from a certain set of IdPs (e.g., excluding low-assurance IdPs). These features are important in order to preserve user privacy and service level of assurance.
  • The UI is (at least in our opinion) much less cryptic now. Clear text boxes and buttons have replaced most icons, which makes the UI much more self-explanatory. We've also introduced wizards for some of the bigger forms, making them much less intimidating.
  • We have done integration with the SUNET media distribution service to discover any deficiencies in the COIP model. We were pleased to find very few issues, but as a result of this experience COIP will soon have a JS widget library for rendering a "group selector" widget.
  • The invitation system has been complemented with the ability to directly add users to a group, including the ability to add yourself to groups where you are permitted to do so. In order to keep the user informed about changes to her membership, COIP sends email when a user joins or leaves a group.
  • We have spent some time thinking about how group memberships are represented to relying parties. Our initial thoughts were to always use URNs, but we have decided to add the ability to represent a group as a URL. The benefit of URLs is that they are easier to make unique, which solves problems for relying parties that have to integrate with multiple group management platforms (GMPs).
  • Memberships can now be tagged with "roles" so it is possible to express that a user is a member of a group "as a teacher" or "as a student". This operation is of course subject to access control. We are still thinking about how to represent this information in group URNs and URLs so that service providers can consume the information.

The latest code is running on https://coip-test.sunet.se.