
grouper-dev - [grouper-dev] Re: [Shib-Dev] 7/4 Meeting Agenda

Subject: Grouper Developers Forum

  • From: Tom Zeller
  • Subject: [grouper-dev] Re: [Shib-Dev] 7/4 Meeting Agenda
  • Date: Thu, 7 Apr 2011 08:07:07 -0500

>  - AOB

[massive cross-posting]

Per last shib-dev call, I was supposed to write up thoughts regarding
an ldap interface to the attribute resolver.

Given a reasonably simple, generic, and implementable search api
across a variety of sources, e.g. idp - attribute resolver - ldap and
rdbms data connectors, is a search enabled idp realistic? (where
"idp" means an attribute resolver accessible over saml, maybe ldap,
maybe maybe spml)

A search enabled "idp" could be a source to grouper for subjects
(members), enabling federated groups. With an ldap interface, a
searchable federation of "idp"s might enable a virtual federated
directory, directly or through provisioning.

A recent thread (Gary Cole @ Oracle) on the oasis pstc explores
simplifying search. In general: "search name1 == value and name2 !=
value2 and name3 starts_with foo" might comprise reasonably
implementable search functionality.

I can imagine a potential collaboration between the sstc and pstc, as
well as a joint conversation between grouper and shibboleth (and
fifer-api ?). And then there's access management (paccman) ...

I have included a link to the Directory of Directories for Higher
Education (DoDHE) project, circa 2001, which I hope will point a way
to a federated ldap dit (directory information tree) including groups
and privileges, whether using referrals or otherwise.

TomZ

[1] https://wiki.shibboleth.net/confluence/display/DEV/DCN20110324

[2] http://lists.oasis-open.org/archives/provision/201104/msg00006.html

[3] http://middleware.internet2.edu/dodhe/ppt-html/DoDHE-Parts/DoDHE-Parts_files/v3_document.htm
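
Added illustration, not part of the original message and not Shibboleth, Grouper or PSTC code: a minimal Python sketch of the three-operator search syntax quoted in the message, rendered once as an LDAP filter (values escaped per RFC 4515) and once as a parameterized SQL WHERE clause, so that a generic search API does not become an injection path into either kind of data connector. The function names, the column mapping and the sample query are assumptions made for the example.

```python
import re

# One clause: attribute name, operator, value. The three operators are the
# ones in the message's example; the name pattern doubles as an allowlist.
CLAUSE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s+(==|!=|starts_with)\s+(.+?)\s*$")

def parse(expr):
    """Split 'a == x and b != y' into (name, op, value) triples.
    Simplification: a value cannot itself contain ' and '."""
    clauses = []
    for part in re.split(r"\s+and\s+", expr.strip()):
        m = CLAUSE.match(part)
        if not m:
            raise ValueError(f"unparseable clause: {part!r}")
        clauses.append(m.groups())
    return clauses

def ldap_escape(value):
    # RFC 4515: hex-escape backslash, '*', '(', ')' and NUL in assertion values.
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def to_ldap(clauses):
    """Render the clauses as one conjunctive LDAP search filter."""
    forms = {"==": "({n}={v})", "!=": "(!({n}={v}))", "starts_with": "({n}={v}*)"}
    body = "".join(forms[op].format(n=n, v=ldap_escape(v)) for n, op, v in clauses)
    return f"(&{body})"

def to_sql(clauses, columns):
    """Render a WHERE clause with bound parameters. `columns` maps each
    permitted attribute to a column name (hypothetical schema)."""
    where, params = [], []
    for name, op, value in clauses:
        col = columns[name]  # KeyError for attributes outside the allowlist
        if op == "starts_with":
            for ch in "\\%_":  # neutralise LIKE wildcards in the value
                value = value.replace(ch, "\\" + ch)
            where.append(f"{col} LIKE ? ESCAPE '\\'")
            params.append(value + "%")
        else:
            where.append(f"{col} {'=' if op == '==' else '<>'} ?")
            params.append(value)
    return " AND ".join(where), params

if __name__ == "__main__":
    # Constructed query in the message's syntax; the last value carries
    # LDAP filter metacharacters to show that they are escaped.
    q = parse("ou == staff and uid != root and cn starts_with a*)(uid=*")
    print(to_ldap(q))
    print(to_sql(q, {"ou": "dept", "uid": "login", "cn": "full_name"}))
```
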

