Skip to Content.
Sympa Menu

grouper-users - [grouper-users] grouper - box.com integration

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] grouper - box.com integration


Chronological Thread 
  • From: Chris Hyzer <>
  • To: "" <>
  • Subject: [grouper-users] grouper - box.com integration
  • Date: Wed, 13 Mar 2013 20:07:23 +0000
  • Accept-language: en-US
  • Authentication-results: sfpop-ironport01.merit.edu; dkim=neutral (message not signed) header.i=none

I wrote a simple proof of concept box app that uses box’s API, so I am thinking of how Grouper – Box integration could work…

 

At Penn, our Box implementation has folders that are owned by users, and we don’t have any groups in Box (due to a security concern about Group admins, I don’t know the specifics).

 

Anyways, the way I see how it could work for us is:

 

1.       A Grouper Group admin (or Grouper Admin) adds an attribute to a group: boxEnable

2.       That attribute has value of the netId/userId, box role, and folder location, e.g. mchyzer_collaborator_testFolder

a.       Note: this could be validated with helpful error messages

b.      Note: this could be broken up into separate sub-attributes to make it easier(?) to use

3.       Grouper would make sure that the Grouper user assigning/changing that attribute/value are either a Grouper admin, or their user ID in the attribute value matches the netId.

4.       A real time process and periodic daemon would sync the users in the group with the users that the folder is shared with for that box role

 

Issues: would external users work?  Email addresses would need to match.  Some Penn users arent using their account in Box, so they would have to use that account in box or we would need a user attribute for one-offs…  how does it work to transition this when people leave the group?  In box I think you delegate admin access to someone else, and the Grouper attribute could be edited to point to that user instead.  The person it is moving to would need to be a group admin, or the Grouper admin could do this.  This would only work for institutions who have agreements with box so that an admin app could manage their user account…  Grouper would be authenticating to box with an admin account that has control over the institution’s users.

 

Note: this would help for people who want a folder shared with a group.  Its not really intended for migrating a massive number of groups to box or something like that.

 

Would something like this be useful to people?  J  How else could it look?

 

Thanks,

Chris




Archive powered by MHonArc 2.6.16.

Top of Page