Grouper Developers Forum

[Tom Zeller <>]

>> Assume that the Target Federated Grouper is operated by an organization
>> distinct from the Grouper at the left of the diagram. How should the
>> federated agents - Target Federated Grouper's Grouper Connector and
>> Ldappc's PSP - establish connections, ie, identify and authenticate each
>> other, and secure the SPML in some fashion?
>>
>> TomB
>
> I think we could do web service or xmpp ...  The authn is pluggable in web 
> services, and we should have encryption/signing that is pluggable for 
> xmpp...  there will probably be an easy way and a more correct/scalable 
> way...  This would be a simple web service with an spml payload, I think 
> REST seems like it makes sense, though we could wrap in it a soap envelope 
> if people want it...
>
> Chris

I think I'll just agree with Chris :-)

Perhaps in its simplest form, provisioning is merely the release of
attributes. There's some connection with SAML/Shib here that I'm just
not knowledgeable enough about yet. A principal could just as easily
be a group as it is a person, and memberships can be attached to both
(using SPML references as a standard representation). If we've got
federated person registries, federated group registries could use the
same handshakes. That's why we wanted a Grouper DataConnector for
Shib, right ?

TomZ