Date: Fri, 29 Mar 2024 08:16:35 +0000 (UTC) Message-ID: <1785143922.7675.1711700195533@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_7674_390514995.1711700195532" ------=_Part_7674_390514995.1711700195532 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Following on from the discussion on the July 3, 2013 Grouper D= ev call and the July 29, 2014 and the Augus= t 27, 2014 Grouper Dev call, this page captures thoughts about the futu= re of the PSP and = directions for provisioning strategy. General consensus:
General requirements moving forward for message queue readers:
This still needs to be worked out.
Deployer |
Message Format Documentation |
---|---|
Washington |
https://wik=
i.cac.washington.edu/display/infra/Groups+AWS+Event+Messaging |
Carnegie Mellon |
|
Grouper ESB |
link to grouper ESB |
Prospective first implementations for Grouper 2.3 are:
The provisioning modules will be configured via properties files using s= tandard grouper configuration mechanisms. Modules will be activated by eith= er calling them from GSH for batch/reconciliation functions or either a cha= ngelog consumer or Grouper hooks for incremental provisioning. Hooks = will be investigated as a means of provisioning more quickly. The provision= ers will support two kinds of configuration:
Global configuration of the modules will be done by properties files spe= cific to all instances of that module. Some of the envisioned properties se= t in these files include
The idea behind categorical configuration is that rather than decorate a=
specific group to be provisioned to a specific target endpoint, we create =
an abstraction capability. The idea is that a group could receive the=
provisioning decoration of standard
which would signal t=
he downstream provisioners looking for standard
to provis=
ion their targets accordingly. In this manner, a Group Admin, knowing=
that standard
meant provision to LDAP, AD, and Google Ap=
ps, for instance, could just apply that one attribute & be done with co=
nfiguring the provisioning. Categorical implementation would likely t=
ake the form of a group attribute with some metadata explaining which targe=
ts to hit.
This needs to be re-thought in light of the message consumers. Do we put= the attributes into the message to inform the downstream consumers about i= t or do we require the consumers to call-back into grouper for additional d= ata. My gut says we should do our level best to ensure a message has all th= e data a consumer would need to keep speed up and callbacks down.
Group level configuration would be handled by attributes placed upon groups or folders= . The following standard attributes are envisioned:
Specific provisioners may specify additional attributes they will use to= determine how to provision that group's membership. Some examples are:
The Grouper UIs will also be updated to facilitate managing of these att= ributes.