Web groups and SSO integration for our web apps
I've recently been working on improving our Web Groups system. This is a central system that allows users to create their own arbitrary groups of Single Sign On users. These groups are then exposed through some web services which allow our other web apps to use them as the basis of permissions or grouping in whatever way they see fit.
Along with SSO, Web Groups is one of the systems that really helps us build very powerful systems with very easy and fine grained permissions…without having to actually do much work in each of those applications.
Web Groups now includes all sorts of groupings now such as:
- Students in a department
- Teaching staff in a department
- Students going a particular course
- A full or part time students in a department
- Students in a particular year of a course
- Tutor groups
All of this data is automatically pulled in from our Academic Data Store (ADS) project. This means that the data is always up to date. Previously if someone wanted to protect say a SiteBuilder page so that only people doing that module can see it, they had to find and keep up to date a list of the ITS usercodes of all students on that module. Now they just need to enter a group name and it'll be kept up to date for them.
If our groups are not good enough, people can make their own groups. So for instance you could create a group that is all the students on a module plus the 3 staff involved with that module. Again, this will all stay up to date as the students on that course change, even at the start of a new year.
We currently have a similar system in BlogBuilder, but we'll be moving over to this new system soon as it is more reliable, powerful and just plain faster.
By using these shared services such as SSO and Web Groups, we can build much more integrated and powerful solutions that we just probably couldn't get from an external vendor.