Grouper Users - Open Discussion List

[Emily Eisbruch <>]

Interest was expressed recently on the Grouper-Users list about the Trust and Identity in Education and Research (TIER) work.  Below is a link to some information (Google docs) on this effort and also instructions on how to subscribe to two relevant email lists.

Best regards,

Emily

Emily Eisbruch, Technology Transfer Analyst

Internet2

office: +1-734-352-4996 | mobile +1-734-730-5749

Trust and Identity in Education and Research (TIER)

We are at the very early stages of TIER formation and are looking for active discussion and interaction among all of the Identity, Technology and related professionals who depend, every day, on pan-institutional Trust and Identity. 

Here’s how you can participate:

Formative and OnGoing Document Collaboration

We are sharing all documentation and current information about TIER through a variety of channels.  For document collaboration, we are using Google Docs:  TIER Components and Architecture (Public)  which contains the living document “The State of TIER” (in PDF and DOCX formats) which will contain the latest Technical “Thinking about TIER” as works-in-progress.  You are encouraged to provide comments and suggest content changes by e-mail or directly in the DOCX document which is in revision tracking mode for that purpose.  Whichever is most convenient for you.

Mailing Lists

As we now move TIER formation discussions into much broader circulation, we have established two new distribution lists to help improve information exchange and discussions about TIER in the community.  Traffic on these lists has been light thus far as many have preferred to correspond with me directly.  We encourage everyone to ask questions openly as much as possible to generate other points of view during these formative stages.

The lists ’ and ’ have been created and are open for subscribers.  You may subscribe by: 

1. Addressing an e-mail message to 
2. Assign the subject (case insensitive): Subscribe <list-name>
   
3. Send! (You’ll receive confirmation of the subscription shortly thereafter)

•  is for all general, non-technical discussions about TIER and may be used to contribute any thoughts about the direction or shape of TIER.  Although this audience will be much broader than the technology and Identity Professional communities, we encourage anyone who wishes to offer their thinking.  Welcome topics include but are not limited to: Descriptions of institutional need, features or functionality that are important matters to consider as the TIER solutions evolve. (Open to Everyone, Authentication Required)
  
  
•  is generally focused on the Institutional Technology Architects and Identity Management professionals.  This list will primarily focus on the implementation goals and technologies required to make identity components work well within and across participating institutions. (Open to Everyone, Authentication Required).

We welcome your participation and please feel free to circulate this information widely to colleagues who may be interested in these community lists.

Regards,

Steve

:: Steven Zoppi

:: AVP, Services Integration and Architecture

:: 

:: Internet2®

:: 6001 Shellmound St Suite 850

:: Emeryville, Ca  94608

:: p: 510 858 0884 ▪ m: 415 279 1650 ▪ f(office): 510 858 0894 ▪ f(digital): 877 313 2002 x708  

:: SJZoppi @ [ Skype ▪ MSN ▪ AIM ▪ Y! ▪ GTalk ]

 

On 10/8/14 12:07 PM, "Edwards, Kevin" <> wrote:

Thanks Steven. That is very helpful information, especially the data flows that you describe below.  

Sounds like I'm missing a lot of relevant information missing EDUCAUSE and the Tech Exchange this year.  I will certainly stay connected to the information about TIER IDM/IAM as it emerges.  Is there an IDM/IAM project group already in existence, or is it too early for that?

Kevin Edwards

University of North Carolina at Charlotte

-----Original Message-----

From: [] On Behalf Of Steven Carmody

Sent: Wednesday, October 08, 2014 10:44 AM

To:

Subject: Re: [grouper-users] Grouper Integration with Commercial Products

On 10/6/14 11:58 AM, Edwards, Kevin wrote:

I'm a new-comer to the list.  I'm curious others experiences with

integrating Grouper into an enterprise IAM framework.

Are you using Grouper as an alternative to commercial IAM products, or

is Grouper one component of an integrated IAM solution utilizing other

commercial/open source/in-house developed components?

Like you, we have a ancient locally developed IAM system (person registry, provisioning). Later this month, we will go live with Oracle OIM as a replacement. We have been using Grouper for a number of years, in production. We have determined that OIM does NOT contain functionality that is any way comparable to what grouper provides. We plan to continue using Grouper.

I would call your attention, tho, to I2's recently announced TIER effort. Over the next few years I2 expects to develop and make available an open source IDM/IAM system. That package will include Grouper as one of the components. There was lots of discussion last week at Educause about TIER. I'm sure there will be even more discussion about TIER later this month at TechX/Advanced CAMP.

At UNC Charlotte, we have embarked on a multi-year effort to replace

35+ years of home-grown utilities, community knowledge, and human

intervention with a commercial product for improved IAM business

practice automation.  As we get deeper into the project, it appears

that the group management features of Grouper are more robust than

what the commercial product currently supports.  Integration between

the two might be the best option.  The Grouper architecture diagrams

show that integration with a separate Identity Management system is

part of the overall scope, but I'm not finding specific references

where Grouper users have actually undertaken that, and I am curious

your experiences doing that.

We currently provide an overnight feed from our HR system (Workday) to Grouper. That feed is used to maintain the memberships of a wide variety of demographic groups; those groups slice and dice our community in a variety of ways. We currently have a real-time feed (via MSG BUS) from our Student system (Banner) to Grouper; this allows us to update Course groups within Grouper in real time. We have a pair of overnight feeds from our HR system and from our Faculty Information System to Grouper; these feeds are used to manage a set of People groups for every Dept.

Our Grouper instance uses a MSG BUS to provide real time updates to several target systems, including ldap, google, and Canvas (our LMS system).

Good luck !