Skip to Content.
Sympa Menu

grouper-users - RE: [grouper-users] RE: grouper and workflow / access forms

Subject: Grouper Users - Open Discussion List

List archive

RE: [grouper-users] RE: grouper and workflow / access forms


Chronological Thread 
  • From: "Black, Carey M." <>
  • To: " Mailing List" <>
  • Cc: David Langenberg <>, "Gettes, Michael" <>, Chris Hyzer <>
  • Subject: RE: [grouper-users] RE: grouper and workflow / access forms
  • Date: Tue, 11 Sep 2018 18:16:35 +0000
  • Accept-language: en-US
  • Authentication-results: spf=pass (sender IP is 128.146.163.15) smtp.mailfrom=osu.edu; internet2.edu; dkim=pass (signature was verified) header.d=osu.edu;internet2.edu; dmarc=pass action=none header.from=osu.edu;
  • Authentication-results-original: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:WPoKCh33GBN3ZHTqsmDT+DRfVm0co7zxezQtwd8ZsesWI/3xwZ3uMQTl6Ol3ixeRBMOHs60C07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9JDffwdFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUjq+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfVwZKPdec4RS3RHUMhfSidNBpqwYooKA+cHIO1WrZTyp0EWoBW+GweiGf/vxDFLiH/436I60vguHg7d0QM6A94CrG7ZoMnpOKoQV+2+0anGzS/Eb/NTwTrx5pXFchQ7rv6QXrJ8adfaxFc1GAPfkFqRqZHuMTSP2ugDrmOW6PFvVea1hGE7qAF9uCWjytkih4TSgYIV0U3E+T9nz4koON21UUh2asOqHptXsiGVLYp2QsU6Tm51vyY11qAGuYW6fCgFzpQr3QLQa/uCc4WO/xntV/6RLC9miH1/ZL6zmhO//VW9xuHhU8S03llHojZZntTJuHACyRPe5daCR/Z4/EqtxyiD2xjN5uxFP0w4ia/WJ4Ikz7ItjJUfrFjPEyr0lUj0gq+ZakAp9fSr5uv8fLnro4WTOox7hw7iN6kih86yDOY2PwULXWWW+OWx2b/78U33XrpHjeE6n6zcvZ/GOMsUu7W2Dgpb0ok/7xuwETKr3dUEkXQGLF9IfRKKgJbmNlzIPfv2F+2wg062nzdu3/3GPqPuApHKLnXbiLnsYbFz51JTxQYq0N1R/5xZBqgGIP3oRED9rtvYDgIlMwOvxObnFdN92Z4EVWKXGK+ZN7/SvkGU6eIzIumMY4kVtCz6K/g4+/7uiXg5mVgefaWzwZQXb3W4EuxnI0Wff3Xsns8MHXkQsQYiUeDnjUCOXSNOa3u3UaIx6S03BJ6jAIfNWI+gj6KO0SK+E5BUeGxKFEiAEXLyeIWFX/cMZjiSIshkkjEcTrehT5Uu2g2ttAPg1rZrMOTZ9zYftZL4ydh5/fPcmgwv9TBsFcSSz3mNT31onmMPXzI207p/oUtgylebz6d4meVUFcFI5/xXSAc6LoXRz+h7C9DpRgLBZcmFREynQtWgHTE+UMgxw9kQbEZhBdmulA7M0De3A+xdq7veTpMu9b/E0mK0Ot1w0W3u1a89gkMgT9cVc2Cqm+Za/gnXBojG22GYjLrgPfATxinQ7GqZiHeVsVtDeA92TajfW30DPA3bocmvtW3YSLr7Q54jOwBCjYapI7FHe5XMyx8OEP3nMd/dJTvrwE+3HgvOy7+ROtm5M14B1TnQXRBX2zsY+myLYE1nXnn7+TDXESBuGFTzYkjl7eh5rjahQ1Qpyx2RNhw4haGt9EsNjOeHA7MI07QItT1pig08HU31hoiGTYPc+Uw4Iv4aOI58hTUPzmfFr0p4N52kIbplgwsZaBkxsk/zhF12DJlNi84nsClswQZveuqU01JEIiuRxou4eqbWJW/74A21ZubJ00qWztuM+6kO5fh5zjervAygGkc4tXky1MJIlXaQ+8bLChYfS5T8Thxx+hRn9PnWZyAn7NbM3GZ3eaC/rj7F3YcvA+0oghatdttSKuWKDgj3RsoBGo6jJPF5lg==
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

NOTE: I am not a lawyer. And I don’t play one on mailing lists.

 

I don’t really get the “added value” of these “E-signature” services.

I am sure there is some legal definition out there that makes this matter more than I think it should.

                IMHO:   “Signature” ( should )  = “Authenticated and they clicked ‘Yes/Accept/Agree/Make it so/etc…./No/Deny/etc…’ at this time. “

 

If you agree with that:

                Then this seems to become a “process” of a series of “messages to the next group(s) to do the next step(s)”. ( Which the “DocuSign” services do with email and links.)

                Yes the “process” can get complicated (only one must approve, all must approve, etc…) but that can be done with group math models.

                The “punch line” of the process (normally) is “when enough ‘Yes’ votes are recorded’ then and only then the Member “is permitted”.

 

 

IMHO:

The valuable part to me is the definition of the “process” (Group math.. order of flow, gates, etc…) and the end result that grants (or not) the user’s access.

                Maybe I am under thinking the complexity of the process model and not seeing how it could be modeled in Grouper?

 

 

Maybe grouper could:

1)      Have a way to tag a group such that when a membership is added an email is sent to a list of “next group(s)” members and/or admins? (To request the addition of “the member” to the other group(s).)

        If you want to be really “helpful” send a link in the email ( with the Member and “next group” in question ) so the email recipient “opens the UI at the Add Membership UI” with the right values.

                ( To cover some of the “Why” questions…. )

2)      When a Membership is added, maybe there could be a “Why are you adding this membership?” text blob on the membership. ( Think Membership Description field. Maybe make it optionally required based on the group meta properties? )

3)      Add a “Deny” button (to this new UI page) and other “group members and/or admins” (from the source list) could be emailed that “User Bob denied Member access” ( So others can not bother to approve/deny. )

 

Then use the grouper audit data as “proof” (by time and person) granted/denied decisions.

 

Wouldn’t that be (about?) the same thing without the external dependencies/costs?

 

--

Carey Matthew

 

From: <> On Behalf Of David Langenberg
Sent: Tuesday, September 11, 2018 9:00 AM
To: Gettes, Michael <>
Cc: Chris Hyzer <>; Mailing List <>
Subject: RE: [grouper-users] RE: grouper and workflow / access forms

 

Thanks Michael for getting to the root of the issue.

 

Dave

 

--

David Langenberg

Asst Director, Identity Management

The University of Chicago

 

From: Gettes, Michael <>
Sent: Monday, September 10, 2018 1:41 PM
To: David Langenberg <>
Cc: Chris Hyzer <>; Mailing List <>
Subject: Re: [grouper-users] RE: grouper and workflow / access forms

 

If you agree it can be done with GSuite and O365 then this is really all about the capability to integrate with forms/signing/workflow products and not so much about which one.  As long as this is done in a fashion making it easier to integrate the bevy of these products, I’m all for it.

 

Thanks Chris!

 

/mrg

 

On Sep 10, 2018, at 2:35 PM, David Langenberg <> wrote:

 

Ok, I see the desire, still, I’m not 100% sold on the docusign thing, esp when you can do the same thing free with GSuite (Forms+AppsScripts) or O365 (Sharepoint + Flow).  How hard would it be to put in special Grouper support for those non-subscription-ish (yeah yeah O365 is not free) instead?  Would those meet the need?

 

Dave

 

--

David Langenberg

Asst Director, Identity Management

The University of Chicago

 

From: Hyzer, Chris <> 
Sent: Monday, September 10, 2018 12:51 PM
To: David Langenberg <>;  Mailing List <>
Subject: Re: grouper and workflow / access forms

 

 

> From: Greg Haverkamp <>

 

Hellosign is interesting, thanks for mentioning

 

From: David Langenberg <>

 

> Other than “gee, isn’t this neat?” what’s the use-case? 

 

We have a lot of use cases.  e.g. Someone wants access to warehouse student data, they fill out a form, their manager approves, the data steward approves, gets routed to something automatic or to someone to grant something.  Should also be put in Grouper either way.  We are implementing a new student system and they have a lot of requirements like this.  Its nice to have a paper trail of who requested access, when, who approved it, when it was granted, etc.  Sometimes the form needs comments about why access is needed, maybe some qualifiers like which rows or columns of data to see, etc.

 

Ive been thinking about a built-in way to do this, and I think it needs some sort of form. We could do this with PDFs in S3 buckets but it seems a little clunky and users would have an easier time with something like Docusign or Hellosign, and we wouldnt have to make all the stuff that manages the forms when done...

 

thanks

Chris

 


From: David Langenberg <>
Sent: Monday, September 10, 2018 1:19 PM
To: Hyzer, Chris;  Mailing List
Subject: RE: grouper and workflow / access forms

 

Other than “gee, isn’t this neat?” what’s the use-case?  I know Docusign is a Net+ offering, but it’s definitely not on a deployment level that, say, Duo or AWS is.  Wouldn’t it be easier (and cheaper) to just extend attestation to include a more robust approval workflow with approvals stored in the grouper audit logs?

 

Dave

 

--

David Langenberg

Asst Director, Identity Management

The University of Chicago

 

From:  <> On Behalf Of Hyzer, Chris
Sent: Monday, September 10, 2018 11:36 AM
To: 
 Mailing List <>
Subject: [grouper-users] grouper and workflow / access forms

 

Im not 100% sure it’s the right choice, but hypothetically lets say we integrated Grouper with Docusign.

 

- Someone clicks on a form in the Grouper UI

- It calls a Docusign API to setup an instance of the form

- User fills out basic form fields and e-signs the document

- The approvers at various roles would be sourced from groups (e.g. the student-data steward group [registrar]).  One from each group signs the form

- At the end the requestor would be added to a group or groups

- Docusign stores the history of the forms

 

I don’t know if they have discounts for higherEd/nonprofit, but it seems like the cost for this would be for the Basic API, about $1/form ($600/year for 500 forms/year) or ($5k/year for 6k forms/year)

 

 

Might need to buy some user licenses to make/manage forms: ($1k for 2-3 users depending on standard or pro)

 

 

Who would be interested in using this if we integrated with Docusign?  Any other ideas for forms/workflow products where the licensing is reasonable and there is a full featured REST API?  We would try to make this pluggable of course…

 

Thanks

Chris

 




Archive powered by MHonArc 2.6.19.

Top of Page