Grouper Developers Forum

[Tom Barton <>]

Colleagues,

For those not on the grouper-dev call yesterday, we spoke about Chris'
design for implementing Entities within Grouper. If you haven't been
following that thread, the purpose is to map security credentials
presented by automated processes into Subjects (or Entities) so that
their access to selected Grouper objects can be managed (the usual
alternative is to have them act as GrouperSystem). Of course, some sites
may already be able to present such credentials as a Subject Source, and
they wouldn't need to use this feature. But for those that don't, this
would provide a solution.

Chris realized that to ensure that distributed people using Grouper
couldn't produce the same Subject for different automatons, each Folder
must be capable of providing its own Subject Source for any Subjects it
contains. A simple way to do that is to use the Folder's pathname as the
SourceId for each Subject in that Folder.

So, to solve the problem of managing automatons' access to Grouper data,
we're planning to enhance Grouper to be able to be the provider of any
number of Subject Sources, and Grouper's delegation model will apply to
this capability just as it does to other objects managed by Grouper.

I call attention to this here because I suspect that this capability
could be used far more widely than just for the motivating use case, and
I ask the wider grouper-dev community to help us anticipate what that
might bring. Are there other use cases you think this capability would
be a good match for? Are there use cases for which using this capability
might be a bad idea?

Cf.
https://spaces.internet2.edu/display/Grouper/Grouper+user+managed+entities

Thanks,
Tom