Grouper Users - Open Discussion List

[Tom Barton <>]

A number of campuses have initiated efforts to deploy a Groups 
Infrastructure, a Privilege Management Infrastructure, or both. This is 
relatively new and unexplored territory, involving a host of technology, 
policy, and business practice issues. Given the lack of "best practice" 
information, we all might benefit from sharing our thoughts and 
approaches, as each campus works through the various issues and develops 
approaches that work in its environment.

We invite discussion of these issues to take place on the 
 list. Technical questions pertaining to 
Grouper or to Signet should be directed to the corresponding user 
support list (, ).

Here's a sampling of potential discussion areas:

-- What changes to institutional policies and business practices are 
needed to implement distributed access management systems like Grouper 
and Signet?

-- Who should be enabled to be authoritative for what group or privilege 
information, and what processes should be used to delegate corresponding 
roles in group or privilege management systems?

-- Can different authorities issue conflicting access management 
information?

-- How are groups or privileges represented in production directories? 
How is this affected by the particular directory implementation? How is 
this affected by various applications that use LDAP-based group or 
privilege definitions?

-- Can persons from outside the campus be group members or privilege 
assignees?

-- When should an access management need be handled in its vertical 
context, and when should it be referred to an external access management 
system?

Tom Barton, University of Chicago
Steve Carmody, Brown University
Keith Hazelton, University of Wisconsin - Madison