Grouper Developers Forum

[Niels van Dijk <>]

Hi Chris,
Some questions and ideas:

On 08/03/2010 04:31 AM, Chris Hyzer wrote:

Here are some design notes on federated  Grouper topics (we discussed these at advanced camp):

 

External user management:

https://spaces.internet2.edu/display/GrouperWG/Grouper+external+users

 

Why not add an additional LDAP for storing external users? For ldap many provisioning stuff already exists.
As a suggestion to Phase2 'invites with group provisioning': the ability to upload a CSV containing the people to be invited. This is convenient if you need to add 10+ people.
Also, we had a people picker, but decided that it was a better idea, from privacy viewpoint , that a person should be invited via his/her email address only. This way there has to be some 'out of band' mechanism for the inviter to get these adresses, and also the chance of being invited to a group by accident e.g.by  selecting the wrong person from the list is much smaller.
If you still want a people picker after the above point ;) I would suggest displaying both the name of the users as well as the institution, as many John Doe's may exist

Syncing groups between Groupers at different institutions (this one is less fleshed out):

https://spaces.internet2.edu/display/GrouperWG/Syncing+groups+between+groupers

 

A few thoughts:
- One thing that seems required is the ability to have globally unique grouper instances. Also the 'source' of the group needs to be somehow expressed towards the application consuming the group relation, otherwise it cannot distinguish between 'admin'  of uniA and admin at uniB
- The current proposal suggests the actual provisioning of user(s) and groups from grouperA -> grouperB. Keeping stuff in sync this way is tricky. Is it also possible to just query remote servers, so the process of linking group severs could be 'live'? The WS API of grouper would be able to do this nicely I think?

cheers,
Niels

Let me know any comments.

 

Thanks,

Chris

 

-- 
Niels van Dijk
Advanced Services

T: +31 302 305 337 / M: +31 651 347 657
SURFnet - PO Box 19035 - NL-3501 DA Utrecht - The Netherlands -

http://www.surfnet.nl
SURFnet - We make innovation work

begin:vcard
fn:Niels van Dijk
n:van Dijk;Niels
org:SURFnet;Advanced Services
adr:;;PO Box 19035;Utrecht;;NL-3501-DA;The Netherlands
email;internet:
tel;work:+31 302 305 337
tel;fax:+31 302 305 329
tel;cell:+31 651 347 657
url:www.surfnet.nl
version:2.1
end:vcard