Subject: Grouper Developers Forum
- From: Emily Eisbruch
- Subject: [grouper-dev] Notes from Grouper BOF at 2015 Global Summit, 4/30/2015
- Date: Tue, 5 May 2015 19:12:12 +0000
Notes from Grouper BOF at 2015 Global Summit,
Barton welcomed the group
of interest from the attendees:
Started with Grouper
of Arkansas is looking at increasing focus on IdM.
control is a big part; looking at Grouper, want to establish centralized roles
of Maryland Baltimore County is looking at Grouper
they have many individual systems w access rights
centralized groups could add efficiency
at TIER and want to be set with Grouper as a lead in to TIER
a campus to easily implement a small use case to get successful
to do the 5-6 things
to get stuff in and get stuff out of Grouper
much reinventing has to happen now
can federated groups be useful?
the community suggest a common naming scheme that's useful to all institutions?
are the use cases?
Researchers at multiple universities need a group for a Virtual Organization (VO)
not a good example for this approach, since LIGO controls our own groups
case could be between LIGO and other astronomy groups; union of LIGO scientists
should be an international conversation
UCLA is provisioning PSP
full transformation the way Shib attribute release does
slice and dice suitable for the target
will contribute this to the Grouper wiki to benefit the community
has a parallel use case with Net+ cloud services
a group membership can have an access control outcome embodied by a token, instead of being in group
can log in with a token
groups in a federated context has challenges
does federated groups really address?
use case is you have the role
to the context, such as Amazon web service
have admin role for this security group
more of a direct assertion of yes you have access
the same thing
out helps in terms of naming
Attribute release can be an issue
you can't get to service because institution will not release EPPN
want to overload the attribute release issue with need to release what groups someone belongs to; look for other ways to deal with it
have an attribute called “status”
on the Grouper wiki
tried the PSP provisioning approach using SPML, but found it had limitations
will stay, but the Grouper project won't enhance it, limited maintenance
Grouper provisioning approach moving forward will be message based
will support incremental provisioning by reading events off the message queue
Grouper will support bulk reconciliation
sites can continue using their own messaging
to be able to provision to LDAP and AD out of the box
will be a limited internal message substrate within Grouper to get provisioning messages to LDAP and AD
Will there be listeners?
Mark your calendar:
is interested in bidirectional sync
Shib integration with a medical center.
connecting w independent orgs, like the med center, auditing on Groups is helpful.
10, 2015 at 2pm ET
Online to focus on Grouper deployment stories
Emily Eisbruch, Work Group Lead, Trust and Identity
office: +1-734-352-4996 | mobile +1-734-730-5749