grouper-users - [grouper-users] Re: [grouper-dev] Action Items: Grouper call 22-Dec-2010
Subject: Grouper Users - Open Discussion List
- From: "GW Brown, Information Systems and Computing" <>
- To:
- Subject: [grouper-users] Re: [grouper-dev] Action Items: Grouper call 22-Dec-2010
- Date: Wed, 05 Jan 2011 15:11:24 +0000
--On 22 December 2010 14:45 -0500 Emily Eisbruch <> wrote:
> [AI] (Gary) will send a note to Rob and the Grouper-users list regarding
> using pointers to or incorporating existing Grouper intro material in the
> Grouper book

When I first looked at Rob's Grouper Book I thought it dived straight into a relatively low-level discussion of groups where a more high-level introduction would work better. The main Grouper Website has a couple of PDFs which give high level reasons (IAM and Collaboration) for using groups. More of this material could be used - or links to the PDFs included.
Below is an outline of how I would approach this section. Of course the best approach depends on the audience and so it may be best to have different entry points for different audiences - effectively different tables of contents:
Introductory Information
What problems is Grouper trying to solve?
Groups are used widely by systems to control access to resources and to enable collaboration. Unfortunately, most systems manage groups in different ways using distinct representations and providing a range of capabilities and interfaces. Often essentially the same groups are duplicated in different systems and maintained independently. This approach leads to a number of issues:
1) Security issues because access to resources may not be removed in a timely manner (or at all)
2) Reduced efficiency because
   a) individuals do not have access to systems required to perform their roles in a timely manner
   b) the same operation must be carried out in multiple systems by different administrators
3) Increased complexity due to multiple integration points between systems where efforts are made to share data
What does Grouper do?
Grouper is designed as a consistent, enterprise-wide groups service that allows:
1) creation and management of ad hoc groups in a single place
2) groups to be imported from systems-of-record
3) new groups to be created based on existing groups
4) synchronisation of group information with linked systems in near real-time
5) grouping of arbitrary entities including people
6) fine-grained control of who can view and/or modify groups
A full list of features is available...
Technical overview of Grouper
Grouper is written in Java and maintains a groups repository using a relational database i.e.
* MySQL
* Oracle
* Postgres
* Microsoft SQL Server
* HSQL (an embedded Java database)
A number of interfaces are provided:
1) Native Java API
2) Read-only SQL interface (via database views)
3) Webservice (SOAP and REST)*
4) Web interface*
*Require a Java application server, such as Tomcat.
A number of tools are also provided:
1) GSH
   a) a shell script-like interface
   b) exporting and importing group data as XML
   c) high-level manipulation of the group repository
   d) invocation of other tools
2) GrouperClient (a convenient command line tool for exercising the webservices)
3) GrouperDaemon is provided as a server component which can schedule a variety of tasks e.g.
   a) Data loading from systems of record
   b) Notification housekeeping
   c) Application of rules
   d) Provisioning of data to external systems
4) LDAPPC-NG is a rule-based engine for synchronising data in Grouper with LDAP directories
Diagram to show how things fit together.
----------------------
GW Brown, Information Systems and Computing