Internet2 Middleware Initiative K. Hazelton for MACE-Dir
Internet2 Document University of Wisconsin-Madison
Copyright © 2005 by Internet2 and/or the respective authors July 5, 2005

Group and membership concepts

Status of this Memo

This document is an Internet2 Document and is in compliance with relevant Internet2 document standards.

Internet2 Documents are working documents of Internet2, its areas, and its working groups.

This document is a submission from the MACE-Dir WG of the Internet2 Middleware Initiative. Comments should be sent to mace-dir-comments at


There are a growing number of situations where a standardized representation of an entity's group memberships would help support interoperation between multiple processes and systems. The Internet2 Middleware Initiative projects Grouper and Signet are two cases in point. This document proposes a simple information model for group and membership concepts. Other documents define recommended bindings or mappings from this information model to specific protocols such as LDAP and SAML.

1. Specification

Entities (people, organizations, etc.) can belong to groups. Any given instance of membership relates one entity to one group. There are two ways to look at a given membership:

1) Entity E is a member of Group G, or

2) Group G has Entity E as one of its members.


Highlighted end of the association
Name of directional association
Entity isMemberOf 0..* The entity at one end of the association is a member of the group at the other end
Group hasMember 0..* The group at one end of the association has the entity at the other end as one of its members

Author's Contact Information

  Keith Hazelton
  University of Wisconsin-Madison
  1210 W. Dayton St.
  Madison, WI 53706
Phone:  +1 608 262 0771