Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Role and Permission attributes

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Role and Permission attributes

Chronological Thread 
  • From: "Klug, Lawrence" <>
  • To: "" <>
  • Subject: [grouper-users] Role and Permission attributes
  • Date: Thu, 5 Jul 2012 15:31:07 +0000
  • Accept-language: en-US

Hi Chris,


We are defining our long-term access management strategy with Grouper.  We have tested “eduMember” for transmitting membership info through Shibboleth.   Roles and Permissions are internal Grouper attributes that would not live in the Enterprise Directory(?)   Trying to focus on exactly how Roles and Permissions attributes can be consumed by a University Web application now and in the future.






From: Chris Hyzer [mailto:]
Sent: Saturday, June 30, 2012 6:43 AM
To: Klug, Lawrence;
Subject: RE: Role and Permission attributes


We have two examples where we sync all the permissions to the application since it does DB joins on the assignments, or we dont want grouper as a performance bottleneck or a runtime dependency.  The change log consumer and grouper client handle real time updates (tells it to do a full resync)

(no sound)

(no sound)


From: [] on behalf of Klug, Lawrence []
Sent: Friday, June 29, 2012 5:18 PM
Subject: [grouper-users] Role and Permission attributes

We created a simple demo app to consume isMemberOf attribute via Shibboleth and make a few simple Web Service calls.  It works fine.  What if we want to use Role and Permission attributes?  How would they be transmitted to the Client application?  Could they be released as Shibboleth attributes or direct Web Service call?   What are other universities doing?






Archive powered by MHonArc 2.6.16.

Top of Page