Grouper Developers Forum

[Jim Fox <>]

I couldn't think of a reason either.

Jim

> When I see standard AuthZ API, I wonder about that.  Why would CIFER want to 
> try to shoe-horn a provisioning API like SCIM into the space when
> there already exists an AuthZ API in wide use -- OAuth2?
> Dave
>
>
> On Wed, Jul 16, 2014 at 11:20 PM, Chris Hyzer 
> <>
>  wrote:
>
>       I know we are working on 2.2 documentation and support, but I am also 
> thinking about 2.3, I added some tentative items to the roadmap
>       of things I am interested in.  If you have thoughts or other 
> suggestions let us know.  Note, this is preliminary and will likely be
>       prioritized and changed.  Other Grouper team members will be adding 
> their items as well.
>
>        
>
>       https://spaces.internet2.edu/pages/viewpage.action?pageId=14517754
>
>        
>
>       Thanks,
>
>       Chris
>
>        
>
>        
>
>        
>
>       Release
>
>       Item
>
>       Description
>
>       2.3 (tentative)
>
>       Improve folder privileges
>
>       Change folder privileges so that instead of the STEM privilege, there 
> is an ADMIN privilege on folders.  The ADMIN privilege would
>       mean you have all rights to the folder, you can rename it, delete it, 
> change privileges, and effectively every other privilege.  The
>       CREATE privilege would be changed to also include creating folders (in 
> addition to groups and attributes).  And the STEM_ATTR_READ and
>       STEM_ATTR_UPDATE would remain the same.  Note, so the name doesnt 
> conflict with the group ADMIN privilege, the stem privilege will be
>       called STEM_ADMIN.
>
>       2.3 (tentative)
>
>       Improve loader
>
>       Add the ability for the loader to run on multiple nodes to it has 
> better availability.  Also add the option for unresolvable subjects
>       to not cause loader jobs to fail (note, if the source is unavailable it 
> should fail and not remove all members, and it should only
>       allow unresolvables up to a certain configurable threshold)
>
>       2.3 (tentative)
>
>       Finish the new UI, replace admin and lite UI
>
>       Add features into the new UI (from 2.2) so that everything from the 
> admin UI and the lite UI can be performed in the new UI.  Remove
>       the admin UI and lite UI (redirect old links).  Add user based auditing 
> and overall auditing.  Add new features like the ability to
>       easily configure "rules" in the UI
>
>       2.3 (tentative)
>
>       Add remaining attribute/permission operations to WS
>
>       Add ability to manage attribute and permission definitions 100% via the 
> WS.  Currently many things can be done via the WS but not
>       all.  Currently the missing operations can be performed by the UI/API
>
>       2.3 (tentative)
>
>       Standard authorization API
>
>       Define and implement a standard API for authorization.  This is a CIFER 
> effort and might be based on SCIM and might be readonly for
>       2.3.  This would be a web service and might also include messaging.
>
>        
>
>        
>
>
>
>
> --
> David LangenbergIdentity & Access Management
> The University of Chicago