Grouper Users - Open Discussion List

[Tom Zeller <>]

Oops, a pluton is the intersection of a  plugin and a proton based 
spell-checker :-) And that's ldappcng, i.e. 1.5+

On Aug 22, 2011, at 2:05 PM, Tom Zeller 
<>
 wrote:

> The ldappc pluton architecture is modeled after shib idpv2. There is an 
> existing jira to provide an application specific provisioning target 
> project suitable for eclipse, ala the shib extension.
> 
> (a quick reply whilst I am out of office)
> 
> On Aug 22, 2011, at 8:06 AM, Steven Carmody 
> <>
>  wrote:
> 
>> Sorry for what is likely to be an inane question  ;-)
>> 
>> I'm looking for a high level description of Grouper's support for 
>> permissions...
>> 
>> I've watched the video "Grouper permission assignment screen first pass ", 
>> and that's consistent with what I'd expect to see....
>> 
>> Here's my attempt at describing the model:
>> 
>> A "permission definition" is created, and then someone assigns that 
>> permission to a Role (and perhaps to just some entities while operating in 
>> that role).
>> 
>> "permission definition"s, tho, look like strings ?
>> 
>> So, how are these "pushed" into the target application ? Does ldappcng do 
>> that ? Is it expected that they will be pushed into ldap, and the target 
>> application looks at attribute values to see if someone has a specific 
>> permission?
>> 
>> We have applications that export APIs that allow a provisioning program to 
>> specify which group/role can do VERB on RESOURCE X -- is there some sort 
>> of plugin architecture in ldappcng -- where we provide the appropriate 
>> plugin and something like ldappcng will use our plugin ?
>> 
>> Once again, sorry for the Q -- I assume this has been discussed somewhere, 
>> and I just can't find it.