Versions Compared

Old Version 11

changes.mady.by.user Emily Eisbruch (internet2.edu)

Saved on

compared with

New Version Current

changes.mady.by.user Emily Eisbruch (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Grouper Permissions allow/deny

DATE and TIME: 5/26/2011 - 10:00

CONVENER: Chris Hyzer

SCRIBE: Mark Rank - UWM

# of ATTENDEES: 23+

MAIN ISSUES DISCUSSED:

--- Demo (Google permissions allow and deny)
---- https://spaces.at.internet2.edu/display/Grouper/Grouper+permissions+allow+and+deny
--- overview of current state permissions for level setting
---- roles
---- action 
---- resources
--- Grouper 2.0 coming at end of summer
--- Algorithm summary on web
---- direct trumps inheritance
---- inherited deny trump inherited accept
---- remember permissions assigned to role not directly to a subject
---- review algorithm details
--- Discussion of accept vs deny (terminology)
---- Concern about terminology 
---- "What are you trying to achieve?"
--- Review some examples
---- used to cut branches out of the resultant set
--- How do we manage the complexity in a UI?
---- Have a fair amount of technical needs for setup
---- strongly need defined roles 
---- leverage UI's to narrow down the options
---- need simpler UI's 
---- demo of simplier custom UI's
--- Is there a tool to test the result of the change?
---- UI does have some tools
--- Some basic GROUPER terminology
--- Demo (Google permissions allow and deny)

...

---- Historically DENY has issues

-
ACTIVITIES GOING FORWARD / NEXT STEPS
- Looking at agreeing on adopting one of the simpler UI's? 

- Status of maturity of API's?
- What are the use cases for this?
-
If slides are used in the session, please ask presenters to convert their slides to PDF and email them to SteveO@internet2.edu
Thank you!