Grouper Developers Forum

[Tom Barton <>]

I've engaged in several discussions on the theme of "possible 
integration of Grouper and/or Signet with X" over the last few days at 
the Global Grid Forum #15 in Boston, and thought you guys would like to 
be aware. I also wanted to let you know that I demonstrated Signet 
assigning a priv to a group just created with Grouper, by use of the 
GrouperSourceAdapter presenting the Group Registry to Signet through the 
Subject API. It all worked great. Sorry for the necessary cross-post.

David Chadwick of Univ of Kent (in the UK) had an unfunded proposal to 
investigate integrating Grouper with PERMIS to provide the latter with 
better management functionality. It's not clear when or if the work will 
proceed, although the barrier gets lower with each new Grouper release.

Dane Skow of FermiLab and the Open Science Grid liked the prospects that 
Signet presented for complementing their VOMS-based access management 
(VOMS = Virtual Organization Management System). Conceived as an 
additional access management tool rather than as a replacement of or 
enhancement to VOMS, he felt that Signet's ability to present priv 
management in functional, non-technical, terms fit well with needs to 
provide OSG resource administrators with ability to inject their 
authority into mediating access to resources beyond what VO managers 
express through VOMS. Grouper might also fit that picture as a means of 
making it even more convenient for resource managers to express which 
lists of subjects (people & VOMS roles) are subject to a given policy, 
as assigned by and expressed through Signet.

Von Welch of NCSA mused about integrating Grouper with CAS (Community 
Authorization Service, not Yale's Central Authentication System) to give 
it better management capabilities.

Sam Sun of CNRI, Frank Siebenlist of Argonne, & I discussed at length 
the prospect of integrating Grouper with the Handle System 
(http://www.handle.net, RFCs 3650-52) to improve its access management 
capability. This looks quite feasible and interesting. Half of that 
integration would be courtesy of the Subject API. I'll be checking 
things to see whether the handle system presents any new technical 
requirements. I'm not expecting to find them, but it's a good 
opportunity to double-check the Subject API. BTW, it's worth your while 
to check out the handle system as a resource at your disposal for a 
variety of potential uses - very interesting.

And on several occasions people opined that the grid community was good 
at producing technical solutions with missing or poor management 
capabilities. The idea of focusing on management tools to integrate with 
access management technologies was a welcome one, and people really 
liked the UIs they saw in Grouper and Signet.

Tom