Date: Thu, 28 Mar 2024 22:37:58 +0000 (UTC) Message-ID: <222768932.7115.1711665478379@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_7114_1166954926.1711665478377" ------=_Part_7114_1166954926.1711665478377 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Scribing Template --Friday, O= ct 5, 2012 at 1pm, Salon 4
CONVENER: Karolina Maneva-Jakimoska (Montclair State = University)
SCRIBE: Sam LaSala (Montclair State University)
# of ATTENDEES: ~15
MAIN ISSUES DISCUSSED
- Montclair State University is looking to move from a home-grown group = provisioning system to Grouper. The purpose of this session was to in= itiate a discussion about how other institutions have switched to Grouper a= nd about how they use Grouper to meet their needs.
- How Grouper is used really depends on what an individual institution's= needs are. Grouper is very flexible.
- A popular use of Grouper is to take advantage of its delegation to all= ow the functional offices to make exceptions to general access rules. = For example, the I.R.B office can manage a group to allow them to give VPN= access to guests.
- One university uses Grouper as its authoritative source for course enr= ollment information. This allows them to include T.A.'s that Banner d= oesn't list as being in the courses.
- One university has a scenario where, for privacy reasons, the list of = groups a user is a member of can't be obtained publicly by looking at the u= ser object.
- Use Grouper Loader to bring in groups from an authoritative data sourc= e.
- Connectors have been developed to synchronize Grouper groups into LDAP= directories and other systems like Google Groups.
- Grouper's changelog provisioner can be used for close to real-time pro= cessing.
- There haven't been many use cases for mapping Grouper privileges direc= tly to Active Directory ACL's, but Duke University has done work in this ar= ea.
- Access management is a 3 part assignment - permissions, roles, groups/= subjects.
- Role permissions can be inherited.
- An Authorization Standard API is being worked on. This will allo= w applications written in any language (perl, for instance) to take advanta= ge of Grouper-managed privileges.
ACTIVITIES GOING FORWARD / NE= XT STEPS
- Some links to get started with Grouper:
- Wiki https://spaces.at.internet2.edu/display/Grouper/Grouper+Wiki+H= ome
- Videos https://spaces.at.internet2.edu/display/groupertrain/Gro= uper+Training
- Mailing lists http://www.internet2.edu/grouper/lists.html