An extensible protocol for dynamic exchange of group and authorization data.

VOOT defines a data model and a protocol to dynamically fetch group related information to applications, web services or collaboration tools. Group information is typically used for access control and or for social services where users interact within various group contexts.

VOOT is designed to fulfill the requirements from research and educational institutions, but is not limited to these. Very specific attributes to use cases within education is kept in separate dedicated schemas to increase flexibility.

VOOT focuses on the use case where the client does not contain any information about the user in advance, but will dynamically obtain the data needed, when needed, at the time the user logs in, or even at a later time (with a persistent OAuth token). Therefore most of the protocol requests discussed is viewed from the perspective of the current authenticated user.

VOOT expect the client to obtain basic user details about the current user by other means than VOOT/SCIM, such as SAML or OpenID Connect.

VOOT aims at efficent transport and retrieval of data to reduce latency when used live in the user’s client. This implies that we add support for retrieving most combination of data in a single or a few requests.

VOOT extends SCIM, and plays well with SAML or OpenID Connect.

Current status.

VOOT is a community specification developed through the GÉANT3+ programme, by the research and educational community.

We've reached a milestone, where we want feedback from the NREN community, and get ready to start implementations.

We may adjust the wording and add details in the specification text in this phase.

Previous version.

The current specifications mirrored on this page reflext work with VOOT version 2.0.

Version 1.0 of the VOOT spec is still available

Extending VOOT

In any deployment, you would naturally define your own group types. In a community you should harmonize and share group types. In example in higher education, it makes sense to define a group type such as Courses. Currently no group types are part of the official VOOT specifications.

When defining a new group type, you need to create a group type object, containing identifier and a translated name. In addition you have to define the set of properties, for both group and membership objects.

We will maintain a set of group types at this site working as examples of how to define group types.