Grouper Users - Open Discussion List

[Shaun Koh <>]

Hi Chris,

 

That is awesome and yes, it meets our requirements. – our Security team and the Grouper PM are delighted, thanks !

 

Best Regards,

Shaun K.

 

From: Hyzer, Chris [mailto:]
Sent: Wednesday, 8 February 2017 8:17 p.m.
To: Black, Carey M.; Shaun Koh
Cc: ; Blair Christensen
Subject: Re: [grouper-users] RE: Group Verification/Recertification Audit Trail -- Feature Request

 

Does this capture what people had in mind?

 

https://spaces.internet2.edu/display/Grouper/Grouper+attestation

 

Thanks,

Chris

---

From: Black, Carey M. <>
Sent: Wednesday, January 25, 2017 12:24:32 AM
To: Shaun Koh; Hyzer, Chris
Cc: ; Blair Christensen
Subject: RE: [grouper-users] RE: Group Verification/Recertification Audit Trail -- Feature Request

 

Another approach to “email till validated” would be to treat the group as “expired” at a “date”. 

   Like a user’s membership in a group can expire, maybe the whole group could be expired?

   ( So any query of membership for the expired group would return an empty set.)

   I would not want to “drop”(delete) the group or the members memberships, but rather, just have the group “not able to be used” until it is certified again.

 

  Sometimes sending email is not enough… Sometimes, you actually need to “turn it off”.

 

Might also be a good way to “time lock” multiple memberships. (expire a group-C that is  a members of another group-B, instead of setting the expiration date on all the “right” Members of group-B.) That way you could set it in one place and effect all of group-C being in group-B. To make extensions/early retirement easier.

 

--

Carey Matthew

Office of the Chief Information Officer (OCIO)

Identity and Access Management – Security Engineer-Lead

614-292-6079 Office

 

From: [] On Behalf Of Shaun Koh
Sent: Tuesday, January 24, 2017 5:32 PM
To: Hyzer, Chris <>
Cc: ; Blair Christensen <>
Subject: RE: [grouper-users] RE: Group Verification/Recertification Audit Trail -- Feature Request

 

Hi Chris,

 

What you’ve outlined seem to work for us though we would prefer the emailing to be an optional flag.

 

Also, a secondary filter would probably be handy to filter grouping of groups with the recertification flag set. – e.g. to view the recertification status for all groups within a specific stem or group

 

Let me know if the above made sense.

 

Best Regards,

Shaun K.

 

From: Blair Christensen []
Sent: Wednesday, 25 January 2017 3:13 a.m.
To: Hyzer, Chris
Cc: Shaun Koh;
Subject: Re: [grouper-users] RE: Group Verification/Recertification Audit Trail -- Feature Request

 

We've had a couple of requests @ uchicago for that precise workflow.

 

 

On Mon, Jan 23, 2017 at 7:33 PM, Hyzer, Chris <> wrote:

How would that work?

 

-          Configure a group or stem with a number of days that groups need to be recertified

-          When that time elapses email the admins of the group or a specified list every day until it is done

-          Have a button in the UI to mark the group as recertified

 

Thanks,

Chris

 

From: [mailto:] On Behalf Of Shaun Koh
Sent: Monday, January 23, 2017 5:16 PM
To:
Subject: [grouper-users] Group Verification/Recertification Audit Trail -- Feature Request

 

Hi there,

 

I am wondering if there was any thought of having an audit trail for group verification/recertification ?

 

In particular, we currently have some high risk/value groups that we would like to know when the owners have last reviewed or updated (and perhaps send them a friendly reminder when required).

 

Is this something that you may be interested to implement ? – or does this feature exists and that I am just not aware of

 

Best Regards,

Shaun K.