“It’s not just about SAML federation, it’s about enabling high-value collaboration across thousands of disciplines and millions of people. Hence agreement on attribute and authorization management, application integration, administration procedures, workflow, privacy management,...”
- RL "Bob" Morgan
Access management capabilities in higher education and research tend to be a mix of institution specific custom solutions, whether they are built on in-house frameworks, proprietary closed-source “solutions”, or open source toolkits like Grouper.
What if, instead of every institution having its own special sauce there was broad agreement on access management strategies, vocabulary, and assumed capabilities? What if, we could drive “federation” deeper into institutional Identity and Access Management (IAM) practices and more easily enable high-value collaboration across thousands of disciplines and millions of people?
Grouper provides distributed access control governance, fast flexible provisioning integrations, along with robust auditing and reporting to answer who, why, when, and how someone has access to a resource. The Grouper project maintains documentation and training materials on the Grouper wiki mostly in the form of administration guides, community contributions, and training videos. These materials do a very good job of providing reference materials, and a variety of deployment and use case examples. However, for the uninitiated it is not always clear where to start and how to stay on the right path. Additionally, many configuration choices and deployment options are left for the deployer to decide. This has led to deployments which have tended towards similar functionality, but often diverge considerably in approach, terminology and implementation.
This deployment guide distills a variety of community practices represented in group and folder design ideas and the various deployment examples in community contributions into a common community approved approach. Harmonizing Grouper deployments with common practice, vocabulary and IAM strategies will make it easier for the community to work together toward common objectives and improve Grouper more quickly over time. It will also enable new and existing Grouper deployments to more easily benefit from community experience, achieve access management goals more quickly, and work together to build robust IAM capabilities based on the InCommon Trusted Access Platform.
The goal of this guide is to help you come up to speed on Grouper concepts, how they relate to identity and access management, and how they can be deployed to implement effective access control in a wide variety of situations.