I think we need 3 substantial features in Grouper 2.2 to make this happen.
1. We should allow attributes to be assign to attribute names (and assignments on attribute names). It would be nice to be able to assign metadata about a service to the service name. I think we will need this anyway to be able to assign metadata to
permission names. e.g. since the permission namespace has character restrictions, an attribute should be able to be assigned which contains the unrestrained information. I dont have a real use case, but could easily imagine one :)
2. We should not allow for the implementation of the grouper privilege interfaces outside of Grouper. I dont think anyone has done this, or will do it, since it will make the performance of Grouper tank, and some things will be not possible (e.g. give
me the first page of 50 groups a user can view in one query). This is because we need to be able to page through the list of services for a user which might exist due to a privilege the user has in a group tagged by the. service. Without the grouper privilege
interface, it is trivial. We should document that to externally manage privileges, you need to provision into the Grouper data structures.
3. We should implement the stemSet table. This gives a link to all stems and their parent (and thus grandparent etc). This isnt really related to services, though the UI should be able to easily see which top level folders apply to the user (and page
through them), and with the stemset table it is an easy query. This could be for browsing for for a tree control.
From: Chris Hyzer
Sent: Sunday, March 25, 2012 2:30 AM
To: Grouper Dev
Subject: organizing services in Grouper