Subject: Grouper Developers Forum
- From: Tom Barton <>
- To: , Signet <>
- Subject: more Grouper/Signet integration prospects
- Date: Thu, 06 Oct 2005 16:06:17 -0400
I've engaged in several discussions on the theme of "possible integration of Grouper and/or Signet with X" over the last few days at the Global Grid Forum #15 in Boston, and thought you guys would like to be aware. I also wanted to let you know that I demonstrated Signet assigning a priv to a group just created with Grouper, by use of the GrouperSourceAdapter presenting the Group Registry to Signet through the Subject API. It all worked great. Sorry for the necessary cross-post.
David Chadwick of Univ of Kent (in the UK) had an unfunded proposal to investigate integrating Grouper with PERMIS to provide the latter with better management functionality. It's not clear when or if the work will proceed, although the barrier gets lower with each new Grouper release.
Dane Skow of FermiLab and the Open Science Grid liked the prospects that Signet presented for complementing their VOMS-based access management (VOMS = Virtual Organization Management System). Conceived as an additional access management tool rather than as a replacement of or enhancement to VOMS, he felt that Signet's ability to present priv management in functional, non-technical, terms fit well with needs to provide OSG resource administrators with ability to inject their authority into mediating access to resources beyond what VO managers express through VOMS. Grouper might also fit that picture as a means of making it even more convenient for resource managers to express which lists of subjects (people & VOMS roles) are subject to a given policy, as assigned by and expressed through Signet.
Von Welch of NCSA mused about integrating Grouper with CAS (Community Authorization Service, not Yale's Central Authentication System) to give it better management capabilities.
Sam Sun of CNRI, Frank Siebenlist of Argonne, & I discussed at length the prospect of integrating Grouper with the Handle System (http://www.handle.net, RFCs 3650-52) to improve its access management capability. This looks quite feasible and interesting. Half of that integration would be courtesy of the Subject API. I'll be checking things to see whether the handle system presents any new technical requirements. I'm not expecting to find them, but it's a good opportunity to double-check the Subject API. BTW, it's worth your while to check out the handle system as a resource at your disposal for a variety of potential uses - very interesting.
And on several occasions people opined that the grid community was good at producing technical solutions with missing or poor management capabilities. The idea of focusing on management tools to integrate with access management technologies was a welcome one, and people really liked the UIs they saw in Grouper and Signet.
- more Grouper/Signet integration prospects, Tom Barton, 10/06/2005
Archive powered by MHonArc 2.6.16.