Group Membership Service Working Draft

TOC

Working Draft

The most recent published Working Draft can be found here: Group Membership Service

Comments from the community to be considered

• The idea at the bottom of p9 is worth exploring... identity=x509:?? -- PatrickDowler - 2018-11-06

• In the section describing possible future enhancements, specifically a way to manage groups, references should be made to the IETF RFCs 7642, 7643, and 7644, which make up the SCIM (System for Cross-Identity management). These RFCs were brought to my attention by MathieuServillat -- BrianMajor - 2019-03-22

Comments accepted and applied to the non-published version of the working draft

• all currently in the published version

Comments accepted and applied to the latest, published working draft

• Why the fixed /gms part of he path? Just to give the group uri scheme some recognisability? We could also go vospace style , eg gms://authority/path?group to get that but with simpler extraction if the resource ID... I think path restriction will rub people the wrong way. It really means it is hard to embed gms capabilities into other existing services where you already chose the resource id -- PatrickDowler - 2018-11-06
  • +1 for me on the gms:// schema solution. It leaves the local part of the IVOID (URI) opaque as it should and free-to-manage by the providers. -- MarcoMolinaro - 2018-11-07
    • I've changed the gms ivoid to be in the gms:// form suggested above. -- BrianMajor - 2019-03-22
    • This has been changed back to a IVOID (ivo scheme) but without a fixed path -- BrianMajor - 2019-04-26

• I think user and principal are misleading param names; user is a collection of identities so maybe identity would be better. I'm not sure how the term principal is used outside the java APIs, but I would thing identiyType or idType would make this more clear.
  • The two optional parameters have been renamed 'identity' and 'identityType' . -- BrianMajor - 2019-03-22

• Paraphrased from an email from MarkTaylor: the use of 403 as the response code to indicate non-membership doesn't seem correct.
  • I agree and have changed the API definition of GET to /search/groups/{group} to simply return an empty list of groups and 200 (OK) to mirror the API for GET to /search/groups -- BrianMajor - 2019-03-22

• Paraphrased from an email from MarkTaylor: the existence of both a functional and REST definition of the GMS API is confusing.
  • Okay, thanks. I think I will put the API in tabular format instead and hopefully that will help clarify that section. -- BrianMajor - 2019-03-22
    • Now in a table. BrianMajor - 2019-03-29

• Corrections and edits to the Group Identifiers section including the registry lookup based on feedback from Mark Taylor and Marcus Demleitner. -- BrianMajor - 20190426