Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Materials relevant to today's WG agenda

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Materials relevant to today's WG agenda


Chronological Thread 
  • From: Keith Hazelton <>
  • To: mace-dir <>
  • Cc:
  • Subject: [grouper-users] Materials relevant to today's WG agenda
  • Date: Mon, 18 Jun 2012 08:25:09 -0500

1) Re the experimental object class, x-eduPerson and the trial attribute, eduPersonPrincipalNamePrior, see the draft specification, x-eduPerson (201206) linked at the top of Current Activities on the MACE-Dir wiki page:


2) Re representing Grouper permissions in LDAP or SAML:

One avenue is to start from the fact that the permission-related APIs and web services delivered by Grouper include methods that could be considered a form of Policy Decision Point (PDP).  So one question becomes a choice of models between figuring out a way to pass (relatively complex) Grouper permissions as SAML attributes one the one hand and having SPs invoke a PDP service via Grouper web service calls.  To my understanding, little if any of the machinery to support the second model is in place at present.  

The question of representing permissions in LDAP is a different matter. Perhaps a good starting place for that discussion would be to identify characteristic use cases that might rely on such a practice.

For an example of what a Grouper permission looks like in serialized form, see the json example included in:


(re-concatenate the above URL before attempting to resolve it).

3) I am working on eduPerson (201203a), the errata version of eduPerson (201203) with updated language in the notes to phone number and address attributes.  If I complete that before the call, I'll send out a notice.

Attachment: PGP.sig
Description: This is a digitally signed message part



  • [grouper-users] Materials relevant to today's WG agenda, Keith Hazelton, 06/18/2012

Archive powered by MHonArc 2.6.16.

Top of Page