grouper-study - Re: U-M's TIER CSP Grouper Project Plan

  • From: Aimee Lahann <>
  • To: thompsow <>
  • Cc:
  • Subject: Re: U-M's TIER CSP Grouper Project Plan
  • Date: Thu, 7 Dec 2017 15:52:47 -0500

Thanks, Bill. Your feedback is helpful.  

Do you have any documentation about your approach to Grouper security?  We are interested in learning about security in the context of limiting who can see which group members - especially in the case of course groups due to FERPA regulations. Security concerns are one of the reasons we are first exploring only departmental groups with staff members. We would be interested in helping to refine the security piece of the Deployment Guide.

How are you receiving your use cases/policy requirements?  Are administrators in departments and/or application owners contacting you/your staff directly with requests?  Do you create the reference groups, build groups from them according to end-user requirements and then provide end-users an interface to include or exclude members to the group?  What are some of your use cases?  How did you begin? Could we talk to you more about this?

We would like to provide data-driven groups that are useful to users to create access control groups. Somehow we are a little stuck analyzing what reference groups are useful and how to offer groups to whom.  

Now you have opened the floodgates...

Thanks for your help!
Aimee



On Wed, Dec 6, 2017 at 4:32 PM, thompsow <> wrote:
Hi Aimee,

The workstreams look reasonable. Our original implementation took about 3 months calendar time to implement a very specific use case (VPN access).  Since then, we have let our use cases/policy requirements drive any additional basis/ref groups that we have added.

I wouldn’t worry too much about getting all the basis/ref groups right at the start. These are fairly easy to refactor in Grouper. Recommend focusing on a specific access policy and starting with that.

One thing you'll want to give some thought to is the security model for Grouper itself. This isn’t discussed much in the Grouper Deployment Guide. Might be an opportunity for us to refine that and include something in the next revision.

Best,
Bill


On Dec 6, 2017, at 3:19 PM, Aimee Lahann <> wrote:

Hi.

We would like to share U-M's plan for our CSP Grouper project with the Grouper cohort for feedback.  The Google document, TIER CSP Grouper Project Plan - DRAFT, is currently a list of workstreams with milestones/tasks. Our original intent was to focus on identifying the work involved. Dependencies and order of operation are not yet noted. However, we have made time estimates for each workstream.

We would love to see others' Grouper project plans so we can learn how to improve our own.

(I apologize if you already received this email.  I realized I originally sent it to the umich grouper study email group instead of the more recent Internet2 group email.)

Thanks!

Aimee Lahann
ERP Business Systems Analyst Senior
Identity and Access Management Team
University of Michigan





--

Aimee Lahann

ERP Business Systems Analyst Senior

Identity and Access Management Team

University of Michigan

(734) 764-5641




