
grouper-dev - Re: [grouper-dev] federated/provisioned groups mockup

Subject: Grouper Developers Forum

  • From: Tom Zeller <>
  • To: Grouper Dev <>
  • Subject: Re: [grouper-dev] federated/provisioned groups mockup
  • Date: Mon, 30 Aug 2010 17:15:21 -0500

>> Assume that the Target Federated Grouper is operated by an organization
>> distinct from the Grouper at the left of the diagram. How should the
>> federated agents - Target Federated Grouper's Grouper Connector and
>> Ldappc's PSP - establish connections, i.e., identify and authenticate each
>> other, and secure the SPML in some fashion?
>>
>> TomB
>
> I think we could do web service or xmpp ...  The authn is pluggable in web
> services, and we should have encryption/signing that is pluggable for
> xmpp...  there will probably be an easy way and a more correct/scalable
> way...  This would be a simple web service with an spml payload, I think
> REST seems like it makes sense, though we could wrap it in a soap envelope
> if people want it...
>
> Chris

I think I'll just agree with Chris :-)

Perhaps in its simplest form, provisioning is merely the release of
attributes. There's some connection with SAML/Shib here that I'm just
not knowledgeable enough about yet. A principal could just as easily
be a group as it is a person, and memberships can be attached to both
(using SPML references as a standard representation). If we've got
federated person registries, federated group registries could use the
same handshakes. That's why we wanted a Grouper DataConnector for
Shib, right?

TomZ


