Grouper Users - Open Discussion List

["GW Brown, Information Systems and Computing" <>]

--On 22 December 2010 14:45 -0500 Emily Eisbruch <> 
wrote:

> [AI] (Gary) will send a note to Rob and the Grouper-users list regarding
> using pointers to or incorporating existing Grouper intro material in the
> Grouper book
When I first looked at Rob's Grouper Book I thought it dived straight into 
a relatively low-level discussion of groups where a more high-level 
introduction would work better. The main Grouper Website has a couple of 
PDFs which give high level reasons (IAM and Collaboration) for using 
groups. More of this material could be used - or links to the PDFs included.

Below is an outline of how I would approach this section. Of course the 
best approach depends on the audience and so it may be best to have 
different entry points for different audiences - effectively different 
table of contents:

Introductory Information

What problems is Grouper trying to solve?
Groups are used widely by systems to control access to resources and to 
enable collaboration. Unfortunately, most systems manage groups in 
different ways using distinct representations and providing  a range of 
capabilities and interfaces. Often essentially the same groups are 
duplicated in different systems and maintained independently. This approach 
leads to a number of issues:
1) Security issues because access to resources may not be removed in a 
timely manner (or at all)
2) Reduced efficiency because
a) individuals do not have access to systems required to perform their 
roles in a timely manner
b) the same operation must be carried out in multiple systems by different 
administrators
3) Increased complexity due to multiple integration points between systems 
where efforts are made to share data

What does Grouper do?

Grouper is designed as a consistent, enterprise-wide groups service that 
allows:
1) creation and management of ad hoc groups in a single place
2) groups to be imported from systems-of-record
3) new groups to be created based on existing groups
4) synchronisation of group information with linked systems in near 
real-time
5) grouping of arbitrary entities including people
6) fine-grained control of who can view and/or modify groups

A full list of features is available...


Technical overview of Grouper

Grouper is written in Java and maintains a groups repository using a 
relational database i.e.
   *  MySQL
   * Oracle
   * Postgres
   * Microsoft SQL Server
   * HSQL (an embedded Java database)

A number of interfaces are provided:
1) Native Java API
2) Read-only SQL interface (via database views)
3) Webservice (SOAP and REST)*
4) Web interface*

*Require a Java application server, such as Tomcat.

A number of tools are also provided:

1) GSH
 a) a shell script-like interface
 b) exporting and importing group data as XML
 c) high-level manipulation of the group repository
 d) invocation of other tools

2) GrouperClient (a convenient command line tool for exercising the 
webservices)

3) GrouperDaemon is provided as a server component which can schedule a 
variety of tasks e.g.
a) Data loading from systems of record
b) Notification housekeeping
c) Application of rules
d) Provisioning of data to external systems

4) LDAPPC-NG is a rule-based engine for synchronising data in Grouper with 
LDAP directories

Diagram to show how things fit together.




----------------------
GW Brown, Information Systems and Computing