...
- GRP_0100 PSU The groups system shall support the establishment and maintenance of standing groups based on data from System(s) of Record (SoR).
- Grouper supports this from the SQL loader
- Rice allows implementers to implement the Group service interface to make a SQL call with Java
- GRP_0120 PSU The groups system shall provide a distributed and delegated groups management function.(Requires deep namespace)
- Rice allows group permissions, but not distributed delegation where you do not need to contact central IT
- GRP_0140 PSU The groups system shall support the publishing of groups information to other systems (LDAP, Active Directory, and so on).
- Grouper has LDAPPCNG to provision group/permission information
- GRP_0160 PSU The groups system shall support the construction of dynamic groups.
- Grouper has the grouperLoader to load groups from LDAP
- Rice allows implementers to implement the Role service interface to make a JNDI call with Java
- GRP_0170 PSU The groups system shall support nested groups.
- Can Rice put a dynamic group/role as a member of a static group/role?
- Grouper has user auditing and point in time auditing
- Rice has workflow auditing (similar to user auditing)
- GRP_0210 PSU The groups system shall provide a notification facility that user's/system's can subscribe to for group changes.
- Grouper allows rules to send email notifications, or the change log sends system events / XMPP
- GRP_0230 PSU The groups system shall support the construction of a group from the members of other group(s) (group math).
- Grouper has intersection and minus
- ROL_0110 PSU The roles system shall support three types of roles: basic, assigner (assigns users to roles) and stewards (assigns assigners to roles).
- Rice: if you can edit the role, then you can edit the membership. If you have permissions on the namespace to be a role steward, you can assign people to be editers
- ROL_0150 PSU The roles system shall support permissions and/or limits associated with a role.
- Grouper supports permissions and limits
- Rice has qualifiers to put on permissions. To evaluate limits you can implement a java interface to do decisions on limits
- ROL_0180 PSU The roles system shall support a hierarchy of roles, which enables the reuse of roles.
- Grouper allows Role inheritance, Rice allows Roles to be assigned to Roles