Grouper Users - Open Discussion List

[Jim Fox <>]

> Has anyone used group to manage groups of hosts and to link people/groups of 
> people to hosts?

We do a couple of things like that.

1) We allow DNS names as subjects.

The subject database is automatically populated whenever we get
a subject that looks like a dns name and can be resolved to a ip
address.  These subjects are then treated like any other, and can
be members or admins of a group.  Our groups web service allows a
client to connect with a certificate.  The CN from that certificate
is used to identify the subject.

2) We also use groups to augment our database of DNS 'ownership'.

We have a service that tells whether or not a netid (our generid user id)
has control of a DNS name.  To add outside users to that,
for some services only, we define a group, e.g.

  u:admin:dns-owner:some.dns.uw.edu

Members of that group are also considered to be the dns's 'owners'.
This way we can allow, say, 
,
 to manage resources
for the domain, 'some.dns.uw.edu'.


Jim