Versions Compared

Old Version 4

changes.mady.by.user Michael Hyzer

Saved on

compared with

New Version 5

changes.mady.by.user Michael Hyzer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • GRP_0100 PSU The groups system shall support the establishment and maintenance of standing groups based on data from System(s) of Record (SoR).
    • Grouper supports this from the SQL loader
    • Rice allows implementers to implement the Group service interface to make a SQL call with Java
  • GRP_0120 PSU The groups system shall provide a distributed and delegated groups management function.(Requires deep namespace)
    • Rice allows group permissions, but not distributed delegation where you do not need to contact central IT
  • GRP_0140 PSU The groups system shall support the publishing of groups information to other systems (LDAP, Active Directory, and so on).
    • Grouper has LDAPPCNG to provision group/permission information
  • GRP_0160 PSU The groups system shall support the construction of dynamic groups.
    • Grouper has the grouperLoader to load groups from LDAP
    • Rice allows implementers to implement the Role service interface to make a JNDI call with Java
  • GRP_0170 PSU The groups system shall support nested groups.
    • Can Rice put a dynamic group/role as a member of a static group/role?
    GRP_0200 PSU The groups system shall provide an auditing facility for all changes to groups/memberships.
    • Grouper has user auditing and point in time auditing
    • Rice has workflow auditing (similar to user auditing)
  • GRP_0210 PSU The groups system shall provide a notification facility that user's/system's can subscribe to for group changes.
    • Grouper allows rules to send email notifications, or the change log sends system events / XMPP
  • GRP_0230 PSU The groups system shall support the construction of a group from the members of other group(s) (group math).
    • Grouper has intersection and minus
  • ROL_0110 PSU The roles system shall support three types of roles: basic, assigner (assigns users to roles) and stewards (assigns assigners to roles).
    • Rice: if you can edit the role, then you can edit the membership.  If you have permissions on the namespace to be a role steward, you can assign people to be editers
  • ROL_0150 PSU The roles system shall support permissions and/or limits associated with a role.
    • Grouper supports permissions and limits
    • Rice has qualifiers to put on permissions.  To evaluate limits you can implement a java interface to do decisions on limits
  • ROL_0180 PSU The roles system shall support a hierarchy of roles, which enables the reuse of roles.
    • Grouper allows Role inheritance, Rice allows Roles to be assigned to Roles