grouper-dev - RE: [grouper-dev] federated grouper
Subject: Grouper Developers Forum
List archive
- From: Chris Hyzer <>
- To: Jim Fox <>, Tom Barton <>
- Cc: Niels van Dijk <>, "" <>
- Subject: RE: [grouper-dev] federated grouper
- Date: Sun, 8 Aug 2010 00:07:23 -0400
- Accept-language: en-US
- Acceptlanguage: en-US
Yes, we should probably have more fine grained control over subject attribute
release. We are moving in that direction, in the new subject picker in
grouper (embeddable component in 1.6), you can configure which group the
results must be in, and the format of how the results are displayed. So for
Penn's access control workflow application, only employees are returned in
the search results (to pick your supervisor to route to), the display to the
user will be more explicit since only employees are using the application,
and it is important to pick the right person. For student applications (we
aren't using this component for student applications yet), we could make the
subject format less explicit based on requirements and ferpa. Anyways, we
should probably do similar things on the admin UI, simple membership updater,
and WS...
Thanks,
Chris
-----Original Message-----
From: Jim Fox
[mailto:]
Sent: Friday, August 06, 2010 11:45 PM
To: Tom Barton
Cc: Chris Hyzer; Niels van Dijk;
Subject: Re: [grouper-dev] federated grouper
For reasons related to FERPA we are not able to show people's names to all
clients. For that reason we have always allowed people to add and remove
members by their logon id -- which at least uniquely identifies them to us.
Email address seems kind of nebulous and subject to change. I suppose our
logon ids are somewhat similar to gridgrouper's cert subjects.
Jim
On Aug 6, 2010, at 7:03 PM, Tom Barton wrote:
> On 8/5/2010 2:52 PM, Chris Hyzer wrote:
>> Ø Also, we had a people picker, but decided that it was a better idea,
>> from privacy viewpoint , that a person should be invited via his/her
>> email address only. This way there has to be some 'out of band'
>> mechanism for the inviter to get these adresses, and also the chance of
>> being invited to a group by accident e.g.by selecting the wrong person
>> from the list is much smaller.
>>
>> I think most people will want to use it like that. Tom mentioned
>> entering id's since the admin might know the id. hmmm
>
> It's a requirement of GridGrouper, a packaging of grouper within the
> caGrid security layer, for admins to enter the subject name of end-user
> certs used in that environment for authentication and identification.
>
> Tom
- [grouper-dev] federated grouper, Chris Hyzer, 08/02/2010
- Re: [grouper-dev] federated grouper, Niels van Dijk, 08/05/2010
- Re: [grouper-dev] federated grouper, Peter Schober, 08/05/2010
- RE: [grouper-dev] federated grouper, Chris Hyzer, 08/05/2010
- Re: [grouper-dev] federated grouper, Tom Barton, 08/06/2010
- Re: [grouper-dev] federated grouper, Jim Fox, 08/06/2010
- RE: [grouper-dev] federated grouper, Chris Hyzer, 08/08/2010
- Re: [grouper-dev] federated grouper, Jim Fox, 08/06/2010
- Re: [grouper-dev] federated grouper, Tom Barton, 08/06/2010
- Re: [grouper-dev] federated grouper, Niels van Dijk, 08/05/2010
Archive powered by MHonArc 2.6.16.