Skip to end of metadata
Go to start of metadata

Goal/Problem Space

Provide a one paragraph description of what your project is trying to accomplish.

Grouper manages groups and helps to manage the naming of many things. It supports delegation and distributed management, and takes a component-based approach to enable it to be integrated with a wide range of existing identity management systems and applications.

Features

Provide a brief inventory of the major features/out-of-the-box functionality provided by your project.

Direct & indirect membership, group math, several modes of delegation of naming and group management privileges, WS-* and RESTful web services interfaces, loader to dynamically maintain memberships in sync with source systems, LDAP provisioning connector, java API, command line API, UI for grouper system administration, client for command line integration with relying application management.

Technology Stack

Provide a brief inventory of major technologies your product is built on/uses. eg: Java, Spring, etc.

java, hibernate, struts, ehcache, apache axis, apache rampart, xstream, among others.

Identity Services

Please indicate which of the following identity services/transports you consume, produce, or define.

Managed Information

Consume?

Produce?

Broker/Convey?

Privileges

X

 

X

Roles

X

 

X

Groups

X

X

X

Attributes

X

X

X

Identification

X

X

 

Defined Interfaces

Consume?

Produce?

Broker/Convey?

Authentication

X

 

 

Attributes

X

 

X

Permissions

X

 

 

Provisioning

X

X

 

Authorization

X

X

X

Subjects

X

X

 

Other

Consume?

Produce?

Broker/Convey?

Standards and Interfaces

For the items you indicated in the previous question, standards/protocols/interfaces/etc do you support?  eg: SAML, LDAP, etc.

The grouper API defines java interfaces for setting grouper's internal security roles from external sources. Grouper UI relies on the servlet container or CAS for authentication. Grouper Web Services rely on the container or on WS-Security defined interfaces as implemented by Apach Rampart. Grouper relies on the Subject API to gather identities to be managed, and provides a Subject interface so that other programs can gather groups-as-subjects. Grouper gathers Subject attributes via the Subject API. Grouper also gathers attributes by SQL access to source systems. Grouper provides information about groups and memberships via several interfaces, including java, WS-* and RESTful web services, LDAP, XML, and command line.

Issues and Challenges

Please briefly describe any issues or challenges you may have with integration of identity services.

It's tough to resist replicating Subjects into the grouper database, ie, to force ourselves to not take that easy way out of ensuring good perfomarnce. Ditto with managing grouper's internal permissions.

More Information

Provide links to additional documentation about your project.

http://grouper.internet2.edu

  • No labels