Goal/Problem Space
Provide a one paragraph description of what your project is trying to accomplish.
Grouper manages groups and helps to manage the naming of many things. It supports delegation and distributed management, and takes a component-based approach to enable it to be integrated with a wide range of existing identity management systems and applications.
Features
Provide a brief inventory of the major features/out-of-the-box functionality provided by your project.
Direct & indirect membership, group math, several modes of delegation of naming and group management privileges, WS-* and RESTful web services interfaces, loader to dynamically maintain memberships in sync with source systems, LDAP provisioning connector, java API, command line API, UI for grouper system administration, client for command line integration with relying application management.
Technology Stack
Provide a brief inventory of major technologies your product is built on/uses. eg: Java, Spring, etc.
java, hibernate, struts, ehcache, apache axis, apache rampart, xstream, among others.
Identity Services
Please indicate which of the following identity services/transports you consume, produce, or define.
Managed Information |
Consume? |
Produce? |
Broker/Convey? |
---|---|---|---|
Privileges |
X |
|
X |
Roles |
X |
|
X |
Groups |
X |
X |
X |
Attributes |
X |
X |
X |
Identification |
X |
X |
|
Defined Interfaces |
Consume? |
Produce? |
Broker/Convey? |
Authentication |
X |
|
|
Attributes |
X |
|
X |
Permissions |
X |
|
|
Provisioning |
X |
X |
|
Authorization |
X |
X |
X |
Subjects |
X |
X |
|
Other |
Consume? |
Produce? |
Broker/Convey? |
Standards and Interfaces
For the items you indicated in the previous question, standards/protocols/interfaces/etc do you support? eg: SAML, LDAP, etc.
The grouper API defines java interfaces for setting grouper's internal security roles from external sources. Grouper UI relies on the servlet container or CAS for authentication. Grouper Web Services rely on the container or on WS-Security defined interfaces as implemented by Apach Rampart. Grouper relies on the Subject API to gather identities to be managed, and provides a Subject interface so that other programs can gather groups-as-subjects. Grouper gathers Subject attributes via the Subject API. Grouper also gathers attributes by SQL access to source systems. Grouper provides information about groups and memberships via several interfaces, including java, WS-* and RESTful web services, LDAP, XML, and command line.
Issues and Challenges
Please briefly describe any issues or challenges you may have with integration of identity services.
It's tough to resist replicating Subjects into the grouper database, ie, to force ourselves to not take that easy way out of ensuring good perfomarnce. Ditto with managing grouper's internal permissions.
More Information
Provide links to additional documentation about your project.