grouper-dev - RE: [grouper-dev] RE: external users progress
Subject: Grouper Developers Forum
List archive
- From: Chris Hyzer <>
- To: Tom Barton <>, Grouper Dev <>
- Cc: Benn Oshrin <>, Steven Carmody <>
- Subject: RE: [grouper-dev] RE: external users progress
- Date: Tue, 26 Oct 2010 16:01:45 -0400
- Accept-language: en-US
- Acceptlanguage: en-US
Im curious about the invitation with group provisioning...
If you are sending a UUID in a plain text email, and that UUID means that
whoever clicks on the link and logs in (with whatever credentials... protect
network?) will get access to resources, isn't that a serious security flaw?
I know it is more convenient to do that, but it seems like it could be a
problem as long as email is untrusted. Maybe a registration page where when
the user registers it automatically emails whoever invited the invitee so
they know they can add them to the group, and if they see an EPPN which
doesn't look right (i.e. I thought that external person's school is in
incommon) then they can scrutinize it...
I guess there isn't an easy way to remove email from this process, but just
thought I would ask.
Thoughts?
Thanks,
Chris
-----Original Message-----
From:
[mailto:]
On Behalf Of Tom Barton
Sent: Tuesday, October 26, 2010 11:44 AM
To: Grouper Dev
Cc: Benn Oshrin
Subject: Re: [grouper-dev] RE: external users progress
Chris,
It would be good for you & Benn Oshrin to discuss this in connection
with what comanage may need.
Speaking for myself, ie what I think uchicago would need to get started,
invitation with group provisioning is the sweet spot. With that I can
see independent collaborations around campus using this to invite their
colleagues to use their resources.
Tom
On 10/26/2010 8:30 AM, Chris Hyzer wrote:
> I put a screenshot of the self service external users screen on the
> wiki. Im hoping we can do the screens in phases... i.e. if you are
> planning on using the Grouper external users feature in 2.0, do you need
> more than a self service screen? In 2.1 we could add an admin UI, and
> an invite only UI, etc. without the admin UI, administration could be
> done with GSH.
>
>
>
> https://spaces.internet2.edu/display/GrouperWG/Grouper+external+users
>
>
>
> Maybe we could discuss in the dev meeting.
>
>
>
> Thanks,
>
> Chris
>
>
>
> *From:*Chris Hyzer
> *Sent:* Thursday, October 21, 2010 3:06 AM
> *To:*
>
> *Subject:* external users progress
>
>
>
> Here is the progress on Grouper external subjects. The API part is
> done, next is UI.
>
>
>
> https://spaces.internet2.edu/display/GrouperWG/Grouper+external+users
>
>
>
> Let me know any feedback.
>
>
>
> Thanks
>
> Chris
>
- [grouper-dev] RE: external users progress, Chris Hyzer, 10/26/2010
- Re: [grouper-dev] RE: external users progress, Tom Barton, 10/26/2010
- RE: [grouper-dev] RE: external users progress, Chris Hyzer, 10/26/2010
- Re: [grouper-dev] RE: external users progress, Tom Barton, 10/26/2010
Archive powered by MHonArc 2.6.16.