Scribing Template --Friday, Oct 5, 2012 at 1pm, Salon 4
TOPIC: Transitioning from homegrown approach to Grouper
CONVENER: Karolina Maneva-Jakimoska (Montclair State University)
SCRIBE: Sam LaSala (Montclair State University)
# of ATTENDEES: ~15
MAIN ISSUES DISCUSSED
- Montclair State University is looking to move from a home-grown group provisioning system to Grouper. The purpose of this session was to initiate a discussion about how other institutions have switched to Grouper and about how they use Grouper to meet their needs.
- How Grouper is used really depends on what an individual institution's needs are. Grouper is very flexible.
- A popular use of Grouper is to take advantage of its delegation to allow the functional offices to make exceptions to general access rules. For example, the I.R.B office can manage a group to allow them to give VPN access to guests.
- One university uses Grouper as its authoritative source for course enrollment information. This allows them to include T.A.'s that Banner doesn't list as being in the courses.
- One university has a scenario where, for privacy reasons, the list of groups a user is a member of can't be obtained publicly by looking at the user object.
- Use Grouper Loader to bring in groups from an authoritative data source.
- Connectors have been developed to synchronize Grouper groups into LDAP directories and other systems like Google Groups.
- Grouper's changelog provisioner can be used for close to real-time processing.
- There haven't been many use cases for mapping Grouper privileges directly to Active Directory ACL's, but Duke University has done work in this area.
- Access management is a 3 part assignment - permissions, roles, groups/subjects.
- Role permissions can be inherited.
- An Authorization Standard API is being worked on. This will allow applications written in any language (perl, for instance) to take advantage of Grouper-managed privileges.
ACTIVITIES GOING FORWARD / NEXT STEPS
- Some links to get started with Grouper:
- Mailing lists http://www.internet2.edu/grouper/lists.html