Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] federated/provisioned groups mockup

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] federated/provisioned groups mockup

Chronological Thread 
  • From: Tom Barton <>
  • To:
  • Subject: Re: [grouper-dev] federated/provisioned groups mockup
  • Date: Fri, 27 Aug 2010 11:54:17 -0500


Two questions, then a thought.

Will the Target Federated Grouper's Grouper Connector make SPML requests (a pull model), or will the source Grouper (gsh) make the SPML requests for the Target Federated Grouper?

Assume that the Target Federated Grouper is operated by an organization distinct from the Grouper at the left of the diagram. How should the federated agents - Target Federated Grouper's Grouper Connector and Ldappc's PSP - establish connections, ie, identify and authenticate each other, and secure the SPML in some fashion?

The thought is that this diagram, or something much like it, seems like a reasonable representation of an architecture of the sort that SPMLv3 ought to implement. Also, Ldappc's calc, diff, and sync operations are valuable provisioning capabilities to have, as I know you know from many years of experience at U Memphis. It'd be great to have those on some SPMLvN roadmap.


On 8/26/2010 10:02 AM, Tom Zeller wrote:
I've updated the wiki with an image of how federated groups might be
provisioned through ldappcng :

The work that needs to be done includes (1) converting Grouper
changelog entries to spml and (2) writing the spml-to-Grouper
connector, both of which should be straightforward.

Feedback ?


Archive powered by MHonArc 2.6.16.

Top of Page