New values in uhReleasedGrouping

Created by Julio Polo
Sept 10, 2018
1 min read

Expect additional formats to begin showing up in uhReleasedGrouping as early as September 18, 2018. The new format includes 133-character long strings and colon-delimited group paths.

Format

There are three formats that are used in uhReleasedGrouping:

  • Typical grouping, e.g.
    • my-dept-app
  • Obfuscated grouping ( more on this below), e.g.
    • obf:a3423857510105ea892733792387392892349324bdf892a2775101cf105ea892733792857510105ea892733792387392892349324bdf892a2775927337928575
  • Curated grouping, e.g.
    • hawaii.edu:store:uhims:general:mfa-enabled ((warning) available Sep 19 2018, separate announcement will be made)

Privacy with obfuscated groupings

The name of your released grouping is visible to any applications that are also checking for their own groupings in the uhReleasedGrouping attribute from CAS/LDAP. 

If this is not acceptable, you can obfuscate the name of your grouping so that it shows up as a long hex string in uhReleasedGrouping.  For example:

  • Your grouping name is my-app-users
  • The obfuscated name for above could be something like obf:a3423857510105ea892733792387392892349324bdf892a2775101cf105ea892733792857510105ea892733792387392892349324bdf892a2775927337928575
  • You see your grouping as my-app-users everywhere except in uhReleasedGrouping, where your application should check for the long string above instead of my-app-users.

Each grouping would have its own unique obfuscated name.   This feature is currently available by request to its-iam-help@lists.hawaii.edu.  A future version of hawaii.edu/uhgroupings will allow you to set this yourself.

Length

The typical length of obfuscated grouping names is 133 characters, and that's the longest value so far.  This is still below the current maximum length of 256 that's been specified in the uhReleasedGrouping DED entry.

Allowed characters

Letters, numbers, hyphen, underscore, colon and asterisk.