Comparative Taxonomy
Comments and feedback are welcome and encouraged. Authenticated users may post comments, or you may send e-mail to <mace-paccman-contact AT internet2 DOT edu>. Instructions for obtaining editing access can be found at http://middleware.internet2.edu/docs/internet2-spaces-instructions-200703.html.
Purpose:
During the EDUCAUSE and Internet2 Advanced CAMP in June 2009, participants suggested that MACE-paccman create a comparative taxonomy that would explore the differences, as well as the commonality, between several systems that have importance or relevance to the CAMP attendees and the MACE-paccman community.
The following were suggested as projects to include in this comparison: Grouper, perMIT, Sakai 2, KIM, Kuali Student, IMS, the Spring Security framework (formerly known as ACEGI), Moodle, Sun's Identity Manager, Oracle Identity Manager, XACML.
Proposed Model:
The proposed model is to start with the terms included in the paccman glossary and have someone familiar with each project fill in a section of the document that compares and contrasts the system's usage of the term with the base glossary definition and the other projects or products.
Access Control
The act of allowing access to facilities, programs, resources or services to authorized persons (or other valid subjects), and denying unauthorized access. Access Control requires that rules or policies be in place, that privileges be defined, so that they can be enforced. |
|
---|---|
Grouper |
|
perMIT |
The perMIT project's view is aligned with the current definition. |
Sakai 2 |
|
KIM |
|
Kuali Student |
|
IMS |
A security technology that selectively permits or prohibits certain types of data access based on the identity of the accessing entity and the data object being accessed. (Note 1) |
Spring Security |
Spring Security's usage of "access control" is well aligned with the current definition. |
Moodle |
|
Sun IDM |
|
Oracle IDM |
Oracle IdM uses the term "access" instead of "access control", but the definition is otherwise well aligned. |
Access Management
That part of Identity Management comprising the processes and tools used to associate privileges with subjects in accord with the wishes of Authorities. |
|
---|---|
Grouper |
|
perMIT |
|
Sakai 2 |
|
KIM |
The KIM use of this term is well aligned with this definition. |
Kuali Student |
|
IMS |
Access Management Service: The application of data about users, user profiles and services to access control systems so that authenticated users have access to those systems, functions and resources that they are authorized to use. Typically Access Management Systems also seek to support single sign on, where the user is challenged for a single name and password and has access to more than one system or resource. (Note 1) |
Spring Security |
|
Moodle |
|
Sun IDM |
|
Oracle IDM |
Oracle IdM uses the phrase "access rights management" to denote those processes by which access is granted or revoked. |
Assertion
A declaration or claim. Typically, when the term assertion is used in conjunction with privilege management, it tends to connote a claim formatted with a particular formal syntax. For example, the document or speaker may be talking about a claim formatted as an assertion conformant to the SAML specification. |
||
---|---|---|
Grouper |
|
|
perMIT |
perMIT does not currently create any SAML assertions. Nor does it currently consume any SAML assertions. One request has been made for the system to accept SAML assertions and have this trigger a rule evaluation that would create an ASPEC, if applicable, on the fly. |
|
Sakai 2 |
|
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
OIM doesn't currently employ any claims-based or assertion-based facilities. OAM (Oracle Access Manager) |
|
XACML |
A specific characteristic of a subject, resource, action or environment in which the access request is made. Attributes could include a user's name, workstation identity, security clearance, the file to which access is desired and the time of day. |
|
ASPEC |
|
|
---|---|---|
Grouper |
|
|
perMIT |
We believe this term is unique to perMIT. We created the term so that we would not cause any confusion with common, overloaded terms, or establish a colloquialism. An ASPEC refers to a perMIT triple consisting of a subject + function + qualifier. |
|
Sakai 2 |
|
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
Authentication
The process of confirming the identity of a principal. Since computer identification cannot be absolute (e.g., passwords can be stolen), authentication relies on a related concept of level of trust, in which an institution relies on good identity management practice (so that the institution believes they have correctly identified an individual) and secure mechanisms for sharing identity. |
||
---|---|---|
Grouper |
|
|
perMIT |
|
|
Sakai 2 |
|
|
KIM |
The KIM definition is aligned with this definition. In the current KIM technical guide, authentication is defined as the act of logging into the system. |
|
Kuali Student |
|
|
IMS |
Verifying a user's claimed identity. (Note 1) |
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
Authority |
1) A broad term that can cover most aspects of creating policies and rules governing who has rights and privileges for an organization. It includes the ability to control the dissemination of those rights, as well as an organization's responsibilities to enforce those rights. This is sometimes referred to as AuthZ (authorization), in contrast to AuthN (authentication). |
|
---|---|---|
Grouper |
|
|
perMIT |
see also: primary authorizer, principal investigator, and grantor |
|
Sakai 2 |
|
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
Sun IDM uses the term "capability" to describe #3 |
|
Oracle IDM |
|
|
Authorization |
The process of deciding if a subject (person, program, device, group, role, etc.) is allowed to have access to or take an action against a resource. Authorization relies on a trusted identity (authentication) and the ability to test the privileges held by the subject against the policies or rules governing that resource to determine if an action is permitted for a subject. |
|
---|---|---|
Grouper |
|
|
perMIT |
|
|
Sakai 2 |
|
|
KIM |
The permission for a principal to perform actions in the system. |
|
Kuali Student |
|
|
IMS |
The permission to perform certain operations or use certain methods or services. (Note 1) |
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
Claim |
A declaration, or assertion, made by an entity. Hopefully the entity is a reliable third party. Examples of claims include names, affiliations, group membership, or capabilities. |
|
---|---|---|
Grouper |
|
|
perMIT |
|
|
Sakai 2 |
|
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
Kim Cameron |
an assertion made by one subject about itself or another subject that a relying party considers to be "in doubt" until it passes "Claims Approval" |
|
Delegation |
The process used, or task performed, by a grantor to assign privileges to other subjects within the limits of its authority. A subject with delegated privileges does not have to perform any type of impersonation in order to exercise the privileges. |
|
---|---|---|
Grouper |
|
|
perMIT |
|
|
Sakai 2 |
|
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
The process of temporarily assigning future work items to one or more other users for a specified period of time. |
|
Oracle IDM |
Roughly speaking, in OIM, granting or revoking access is referred to as "provisioning" or "deprovisioning", and the process used by a grantor to assign or revoke resource access for a subject is referred to as "direct provisioning" (as opposed to access granted or revoked automatically based on rules). OIM reserves the term "delegation" for the process of authorizing an OIM user to perform provisioning or deprovisioning. |
|
Eligibility |
A concept closely related to authorization in that it can use the same mechanisms of authentication, policies, rules, and role evaluation. The differences are semantic - one is "eligible for something" as opposed to "authorized to do something" - so each is appropriate to use to describe different use cases. For instance, "all students are eligible for an email account", vs "students in this class are authorized to download course materials". |
|
---|---|---|
Grouper |
|
|
perMIT |
perMIT does not support the management of eligibility. The only portion of perMIT that might touch on eligibility is the implied authorizations subsystem, in that data that expresses an eligibility might be evaluated and corresponding ASPECs might be created as a result. |
|
Sakai 2 |
|
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
The concept of "eligibility" arises in OIM in reference to the application of rules to grant or revoke access. The term isn't really used much in the documentation, but the concept surfaces in multiple forms. |
|
Entitlement |
Often used the same as Privilege, entitlement carries the feeling of something owed or of a right granted. We make limited use of the word here. An authority-related eduPerson attribute - eduPersonEntitlement - uses this term specifically as an attribute that conveys ownership of the named right or privilege, a token that can be used directly or in a rules evaluation in determining authorization. |
|
---|---|---|
Grouper |
|
|
perMIT |
perMIT does not attempt to manage entitlements. By their nature perMIT ASPECs always include a scope (aka qualifier), although in some cases the scope may be NULL. |
|
Sakai 2 |
|
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
Entity |
A collection of identifiers and attributes managed by an Identity Management System representing any real-world actor, such as a person, process, system, etc. |
|
---|---|---|
Grouper |
In the Grouper UI, the term Entity is used instead of Subject, since it is more natural for non-technical people. |
|
perMIT |
|
|
Sakai 2 |
|
|
KIM |
The KIM definition is well aligned with this definition. KIM definition: A record responsible for housing identity information for a given Person, Process, System, etc. |
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
Grantor |
A principal authorized to delegate some portion of its own authority and that has exercised that privilege. |
|
---|---|---|
Grouper |
|
|
perMIT |
|
|
Sakai 2 |
|
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
Group |
A collection of subjects, which can include subjects representing other groups. |
|
---|---|---|
Grouper |
|
|
perMIT |
|
|
Sakai 2 |
|
|
KIM |
The KIM definition is well aligned with this definition. |
|
Kuali Student |
|
|
IMS |
Group Management Service: Group management services can include data from class creation and class scheduling, and the ongoing maintenance of that data. A source system creates and maintains group information, which needs to be shared with other systems that are involved with group management functions. The flow of group management information is not necessarily one way; some data may be updated by a target system and passed back to the source system. (Note 1) |
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
Identity Management |
Identity management is often used broadly to encompass not only activities to correctly identify and maintain attributes about subjects, but also the manifestations of that knowledge through infrastructure supplying access and security services - single sign-on, account/service provisioning, authentication and authorization. Here we focus on a narrower definition, principally the need to identify persons as one individual despite multiple associations and roles, proper identification of other entities and agents (organizations, applications, groups, services, resources, etc), and the management of that information over time and across the enterprise. |
|
---|---|---|
Grouper |
|
|
perMIT |
|
|
Sakai 2 |
|
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
Member |
|
|
---|---|---|
Grouper |
A member in Grouper is a subject used in Grouper (e.g. a member of a group). Each subject has a member record in the Grouper system. |
|
perMIT |
|
|
Sakai 2 |
|
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
Membership |
|
|
---|---|---|
Grouper |
A membership is an assignment of a group to a member/subject, and a list. A group can have multiple lists (e.g. a class group could have a |
|
perMIT |
|
|
Sakai 2 |
Several important types of group (site memberships; course sections; integration with a group provider such as SIS or LDAP) include role as an aspect of membership. E.g., a member of an official course offering may play the role of "Instructor of Record" or "Enrolled Student." |
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
Namespace |
A domain in which an identifier is unique in representing a single object. |
|
---|---|---|
Grouper |
Grouper has stems (aka folders) in which objects can be assigned. A group and a stem can have the same name in the same stem. |
|
perMIT |
|
|
Sakai 2 |
In Sakai 2, the Site is the main organizational unit. Instances of plug-in tools are added to a site. Groups and sections are managed as subgroups of the site membership. In Sakai 3, workspaces and groups will be managed and associated more flexibly. |
|
KIM |
The KIM definition of namespace is aligned with this definition. |
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
The closest term to this is Schema Map in the Sun IDM |
|
Oracle IDM |
|
|
Permission |
A closely related term to access control, a permission is the control specifically related to a resource and an action - a subject must have permission to take that action. Note - paccman is deprecating this term and suggests that privilege be used consistently. |
|
---|---|---|
Grouper |
A permission in Grouper refers to external permissions that an external system might be managing centrally with Grouper. This is a type of attribute on a Role or a Role/Subject tuple (how individual permissions are assigned, not Role-wide). |
|
perMIT |
|
|
Sakai 2 |
In Sakai 2, "permissions" are string keys registered for external management and used by an application or service to distinguish user access rights: a plug-in calls the framework to find out whether the current user has the given permission in the current context. The framework generally decides this based on mappings of site membership role to permissions. Not all access decisions need be exposed for external management. Some permissions might be shared by multiple components. Coarsely-grained permissions based on application workflow sometimes overlap conceptually with roles. |
|
KIM |
KIM use of this term is similar. Defined as the fine grained actions that can be mapped to functionality within a given system. |
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
Policy
A policy is used to describe general access control requirements. There are many existing proprietary and application-specific languages for creating policies, but XACML has several points in its favor: it's standard, it's generic, it's distributed, it's powerful. |
|
---|---|---|
Grouper |
|
|
perMIT |
A perMIT ASPEC can be easily translated into a single effect XACML policy, and vice versa. If more complicated policies are desired, within perMIT, this would be done when creating the rules for implied authorizations. The more complicated rules will always end up being expanded into the simple ASPEC model within the perMIT database. |
|
Sakai 2 |
|
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
Establishes limitations for Identity Manager accounts. |
|
Oracle IDM |
|
|
Principal |
A subject whose identity can be authenticated. |
|
---|---|---|
Grouper |
|
|
perMIT |
|
|
Sakai 2 |
|
|
KIM |
KIM definition is very similar. Uses the term entity instead of subject. |
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
The equivalent word is account |
|
Oracle IDM |
|
|
Privileges |
Etymologically speaking, a privilege is a "personal law", making privileges a set of personal rights. Privileges amount to the sum of what a subject may do, as granted to them or inherited. |
|
---|---|---|
Grouper |
A privilege in Grouper refers to privileges on Grouper objects, e.g. someone can UPDATE a group (change the membership list), or CREATE in a stem/folder (they can create objects there). Since Grouper has internal privileges, and can act as a privilege management system, the internal privileges are privileges, and the external ones are permissions. |
|
perMIT |
Etymologically speaking, a privilege is a "personal law", making privileges a set of personal rights. Privileges amount to the sum of what a subject may do, as granted to them or inherited. |
|
Sakai 2 |
|
|
KIM |
KIM currently uses the term permission. |
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
user entitlement: In Identity Manager, an auditable access privilege granted to a user on a resource or system that enforces access restrictions. |
|
Oracle IDM |
|
|
Provisioning |
The process of managing attributes and accounts within the scope of a defined business process or interaction. Provisioning an account or service may involve the creation, modification, deletion, suspension, or restoration of a defined set of accounts or attributes. |
|
---|---|---|
Grouper |
Grouper has the "Grouper loader" which keeps groups in sync with external systems (currently via SQL). It also has a change log and notifications, and ldappc (ldap provisioning connector) to export data out of grouper. |
|
perMIT |
|
|
Sakai 2 |
Sakai uses a user directory provider and a group provider as integration points with external authentication, person profile, personnel, and course systems. |
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
This matches the Sun IDM |
|
Oracle IDM |
|
|
Resource |
Resource and Target are often used synonymously when discussing privilege management colloquially. As with Target, the term is context dependent when used informally. At times, Resource is another close synonym of Qualifier and Scope. However, people tend to use this term when speaking about more "tangible" scopes such as "Oxford English Dictionary Online" or "Ethnic Newswatch". There are other qualifiers and scopes that people don't typically think of as a resource, for example "the category of HR", "NULL", and depending how closely you work with the financial system, cost objects and account numbers. |
---|---|
Grouper |
|
perMIT |
see Qualifier |
Sakai 2 |
|
KIM |
|
Kuali Student |
|
IMS |
|
Spring Security |
|
Moodle |
|
Sun IDM |
|
Oracle IDM |
|
XACML |
In XACML, the resource is the "thing" which is being managed. |
Responsibility |
|
|
---|---|---|
Grouper |
|
|
perMIT |
perMIT does not distinguish between a Function and a Responsibility. Since functions are defined in business terms, we don't see this as a problem. For example within our Payroll category we have a function named EDACCA CERTIFIER-PERCENT ONLY. This means an individual with direct knowledge of the work performed who is authorized to certify the DACCA without maintaining paper back up, with access by percentage and not by dollar amount. The qualifiers are used to control this by profit center, a profit center or cost object supervisor, or at a cost object. |
|
Sakai 2 |
|
|
KIM |
A responsibility is an action that a principal assigned to a role is expected to perform. Similar to a permission except that the principal not only has the ability to perform the action, but is expected to perform the action. This is used for defining workflow actions (such as approve, acknowledge, FYI) for which the principal is responsible. Responsibilities form the basis of the workflow engine routing process. Responsibilities are always granted to a role, never assigned directly to a principal or group. Furthermore, similar to permissions, a role has a responsibility template. The responsibility template specifies what additional responsibility details need to be defined when the responsibility is created. |
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
The Sun IDM has the notion of an approval chain which indicates the individuals in a workflow that need to approve a role assignment |
|
Oracle IDM |
|
|
Role |
A collection of privileges usually relating to a task, responsibility, or qualification associated with an enterprise. Collections may be comprised of any combination of implicitly and/or explicitly defined privileges. Roles within an enterprise typically have overlapping privileges. Role based access control systems often include features to establish role hierarchies, where a given role can include all of the privileges of another role. Roles can generally be associated with subjects (person, program, device, group, etc.) |
|
---|---|---|
Grouper |
A Role in Grouper is what links subjects (including Groups), to permissions. It is similar in structure to a group (has an internal name, friendly name, description, namespace, members). A Role in Grouper can be in a directed graph of Role inheritance. So a Role can inherit permissions from other Roles. |
|
perMIT |
Roles are associated with a subject, but a subject cannot be a group within perMIT. There are two mechanisms to create a collection of privileges within perMIT. |
|
Sakai 2 |
A role indicates a person's tasks, responsibilities, qualifications, or expectations in some context. It may be associated with a collection of software privileges or permissions. It may determine an application's UX (e.g., the blog presents different workflows to the owner and the commenter). It may be used to map between disparate contexts. E.g., externally-managed course management groups and roles (official classes and sections; "Instructor", "Enrolled Student", "Teaching Assistant") can feed Sakai 2 site memberships and roles. Sakai 3 also intends to support social networking contexts which use "relationship to a person" in much the same way as "role in a group." |
|
KIM |
Roles aggregate permissions and responsibilities. Roles are not scoped to namespace; therefore, Roles can provide authorization privileges across namespace. |
|
Kuali Student |
|
|
IMS |
A specification of the type of participant in a unit of learning. There are two basic role types - Learner and Staff - which can be sub-typed to allow learners to play different roles in different learning activities (e.g., task-based, role-play, simulations). Similarly support staff can be sub-typed and given more specialized roles, such as Tutor, Teaching Assistant, Mentor, etc. Roles thus lay the basis for multi-user models of learning. (Note 1) |
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
A role is an Identity Manager object that allows resource access rights to be grouped and efficiently assigned to users. Roles are organized into four role types: Business Roles, IT Roles, Application Roles, and Assets. IT Roles, Applications, and Assets organize resource entitlements into groups. These three groups are then assigned to Business Roles so that users can access the resources they need to do their jobs. However |
|
Oracle IDM |
|
|
Rule |
A prescribed evaluation of data which is used to confer a privilege, or privileges, to a subject or a collection of subjects. |
|
---|---|---|
Grouper |
|
|
perMIT |
|
|
Sakai 2 |
|
|
KIM |
|
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
Object in the Identity Manager repository that contains a function written in XPRESS, XML Object, or JavaScript languages. Rules provide a mechanism for storing frequently used logic or static variables for reuse within forms, workflows, and roles. Similar to the above definition. |
|
Oracle IDM |
|
|
Subject |
An entity whose identifiers and attributes are managed by an Identity and Access Management practice. |
|
---|---|---|
Grouper |
Same as definition above. Grouper uses the Internet2 Subject API so that several subject sources can be configured. Grouper implements some subject sources for internal subjects (e.g. groups as subjects, GrouperSystem (all powerful user), and GrouperAll (if making a privilege public, assign GrouperAll to it)). |
|
perMIT |
The noun in an ASPEC. A person, program, device, or other relevant entity which can authenticate to a system, and to which an authorization may apply. (Note well: A subject is never a group, since a group does not authenticate.) |
|
Sakai 2 |
|
|
KIM |
KIM uses the term principal. |
|
Kuali Student |
|
|
IMS |
|
|
Spring Security |
|
|
Moodle |
|
|
Sun IDM |
|
|
Oracle IDM |
|
|
XACML |
The person or computer making a request. |
|
Kim Cameron |
The consumer of a digital service (a digital representation of a natural or juristic person, persona, group, organization, software service or device) described through claims. |
|
Target |
The term "Target" should be deprecated. Target is a matter of perspective and context. When people are discussing privilege and access control informally, a target is often the same as a Resource. However, at other times, the focus is on the Subject. In yet different contexts the target is actually the set of people that have a specific verb and scope applied to them, as in the "target group". |
---|---|
Grouper |
|
perMIT |
|
Sakai 2 |
|
KIM |
|
Kuali Student |
|
IMS |
|
Spring Security |
|
Moodle |
|
Sun IDM |
|
Oracle IDM |
|
XACML |
A Target is basically a set of simplified conditions for the Subject, Resource and Action that must be met for a PolicySet, Policy or Rule to apply to a given request. |
Verb |
See Function |
---|---|
Grouper |
|
perMIT |
|
Sakai 2 |
|
KIM |
|
Kuali Student |
|
IMS |
|
Spring Security |
|
Moodle |
|
Sun IDM |
|
Oracle IDM |
|
XACML |
|
Kim Cameron |
|
Workflow |
Workflow is concerned with the automation of procedures where documents, information or tasks are passed between participants according to a defined set of rules to achieve, or contribute to the authority assigning privileges. |
---|---|
Grouper |
|
perMIT |
|
Sakai 2 |
|
KIM |
|
Kuali Student |
|
IMS |
|
Spring Security |
|
Moodle |
|
Sun IDM |
|
Oracle IDM |
|
XACML |
|
Kim Cameron |
|
Notes:
- IMS definitions are taken from the IMS Abstract Framework Glossary, Version 1.0.
1 Comment
Paul B Hill
At the June 2009 Educause / Internet2 Advanced CAMP several people volunteered to perform work related to this effort.
This is documented at https://spaces.at.internet2.edu/display/ACAMPIdSummit/Action+Items+from+Advanced+CAMP
The people that volunteered to continue work on the glossary and create ontology or other representation in the MACE-paccman space were:
TomD, Leif, Trent, MichaelP, Paul Hill, Ray Davis
The other action item closely related was to create a "translation" between SAKAI, PerMIT, paccman, Kuali, SpringSecurity Framework, and other project's terminology. The comparative taxonomy is a first take at that effort. The people that volunteered at CAMP were:
Ray Davis - from Sakai
Eric & Jens from Kuali (and they indicated they would get other people involved as well.)
ScottB volunteered to help with Spring or draft others related to the project
We know that Rob Carter has been investigating Oracle's IDM.
Paul expects that he can get Scott Thorne to comment regarding Kuali Student.
Can anyone find a volunteer to cover Moodle and Sun Identity Manager?
What about IMS?