Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] Re: Best signet/grouper versions to use for integration?

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] Re: Best signet/grouper versions to use for integration?


Chronological Thread 
  • From: Tom Barton <>
  • To: dan <>
  • Cc: "" <>, "" <>
  • Subject: Re: [grouper-dev] Re: Best signet/grouper versions to use for integration?
  • Date: Tue, 23 Jan 2007 09:19:53 -0600



dan wrote:
Which reminds me - how do you usually push your group and privilege
information out to other applications? Say you've got a mail app that
needs groups, and reads those groups from its own text file format, or
a photo sharing application which needs to know if a user has a
"publish" privilege. How does one model those scenarios in the
Grouper/Signet universe?

You're probably aware that there is a new LDAP provisioning connector that pushes groups, memberships, and permissions to LDAP directories. For other integration scenarios you currently need to provide your own tools. Grouper 1.1 provides java API and command line interfaces, and an XML export tool to source group and membership info into your integration infrastructure. Signet 1.0.1 provides a java API for this purpose. Lynn or Dave might comment on additional integration capabilities in Signet 1.2, to be released soon. In the roadmap for both products is further tooling to source changes to groups, memberships, and permissions (so that your integration tools don't need to compute a logical diff) and SOAP interfaces. For a quick start right now though, you might want to consider repurposing the portions of the LDAP provisioning connector that face grouper and signet, swapping out the LDAP facing stuff for whatever suits.

Two particular management capabilities seem apropos of your scenarios. First, and most generally, you can assign a permission to a group, which might, for example, determine who has a publish privilege for your photo sharing application. Secondly, and more specific to particular cases, you can add custom attributes and lists to groups which are meaningful to your provisioning processor or to the provisioned application. This might be useful for groups being used for mail lists, for example.

Please excuse my general ignorance of the field, this is quite new to me.

Not at all. It's pretty early in the adoption curve for this type of access management.

Tom



Archive powered by MHonArc 2.6.16.

Top of Page