Grouper Users - Open Discussion List

[Tom Zeller <>]

The ldappc pluton architecture is modeled after shib idpv2. There is an 
existing jira to provide an application specific provisioning target project 
suitable for eclipse, ala the shib extension.

(a quick reply whilst I am out of office)

On Aug 22, 2011, at 8:06 AM, Steven Carmody 
<>
 wrote:

> Sorry for what is likely to be an inane question  ;-)
> 
> I'm looking for a high level description of Grouper's support for 
> permissions...
> 
> I've watched the video "Grouper permission assignment screen first pass ", 
> and that's consistent with what I'd expect to see....
> 
> Here's my attempt at describing the model:
> 
> A "permission definition" is created, and then someone assigns that 
> permission to a Role (and perhaps to just some entities while operating in 
> that role).
> 
> "permission definition"s, tho, look like strings ?
> 
> So, how are these "pushed" into the target application ? Does ldappcng do 
> that ? Is it expected that they will be pushed into ldap, and the target 
> application looks at attribute values to see if someone has a specific 
> permission?
> 
> We have applications that export APIs that allow a provisioning program to 
> specify which group/role can do VERB on RESOURCE X -- is there some sort of 
> plugin architecture in ldappcng -- where we provide the appropriate plugin 
> and something like ldappcng will use our plugin ?
> 
> Once again, sorry for the Q -- I assume this has been discussed somewhere, 
> and I just can't find it.