Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] What Georgia Tech is doing (missed call)

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] What Georgia Tech is doing (missed call)


Chronological Thread 
  • From: "Tom Zeller" <>
  • To: "Bert Bee-Lindgren" <>
  • Cc: "Grouper Dev" <>
  • Subject: Re: [grouper-dev] What Georgia Tech is doing (missed call)
  • Date: Wed, 25 Jun 2008 13:35:16 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version :content-type:references:x-google-sender-auth; b=pwZrhp749HXaL79XrnmvD6Rnv6QSbKu5GmJM7BDnbLWFFxutOWAoQQzr9r27YBzacp +fZoo+AiKm8b37Y/HYkq1T9C5P135JV4vI2Gf8EvpZIuCEApDqe0OCAY4WMNGeugSiau k7OTaxAbAoOKQnr6JRxL9PbRPiVVrgWolS2BI=

Sounds interesting. It would be beneficial for us to compare our 'roles engine', which seems to have quite similar requirements, to your system - hopefully you'll make your code (or something) available.

Tom

On Wed, Jun 25, 2008 at 12:36 PM, Bert Bee-Lindgren <> wrote:
Unfortunately, I couldn't make today's call, but I saw the agenda topic "what people are doing." I thought I'd take the opportunity to summarize Georgia Tech's activities since the meeting in Washington.

We have completed development of, and are wrapping up alpha testing of, a GT Role System (GRS). We're expecting it to be in customer hands in July for testing and August for production for limited customers. At some level, you can equate Role == Group.

GRS's initial, accomplished design goals include the following major items:
 -Loader: Rules to match against subject sources (LDAP initially) and automatically add & remove subjects from roles
 -Loader: Grace periods associated with enabling rules
 -Admin UI: Full role/role-hierarchy/rule/access-control management
 -Admin UI: Manual overrides to add/remove subjects from roles... with (optional) automatic reversal of override at a future date or based on subject's data or roles
 -Access control: what role-memberships enable viewing/changing/overriding/etc which other roles or role-hierarchy points
 -Audit: Permanent history of subjects' relationships with roles (permanent as long as role exists)

Relationship to Grouper:
       Technical relationship today: none
       Possible relationship:
               Right now GRS roles are boolean memberships and map very well into publishing them into grouper groups.
               If this were to change from boolean memberships to parameterized memberships (quota, scope, etc), then those details would not publish well into grouper

Medium-term plans (Now-Dec):
       Go into initial production without integration with Grouper
       See if early i2mi interest in GRS means that Open Sourcing GRS is valuable to community
       If so, use Chris's loader as a template on how to tie GRS Role-memberships into grouper

Why tie GRS and Grouper together:
       Unified operation (UI, auditing, membership life cycle) for both automatic and manual ways subjects are added to, or removed from, groups
       Temporary manual actions
       Leverage Grouper as initial place for group publishing (ldappc, group algebra(?), etc)






Archive powered by MHonArc 2.6.16.

Top of Page