Access Management Team Meeting Minutes

Date: 10/24/2011

Attendees:

Person          Attended
Tom Barton      (tick)
Jacob Farmer
Scott Gibson    (tick)
Chris Hyzer     (tick)
Jimmy Vuccolo

Agenda

1.    Note taker, agenda bash
2.    AI review

(not done) AI: Scott to add the Kauli requirements to the wikispace.

(not done) AI: Jimmy to review the PACCMAN use cases to determine if there are any relevant requirements.

3.    Go through requirements (& use cases) and indicate whether grouper/KIM meets each
4.    Take first stab at scope of work stream proposal
5.    Else
Tom

NOTES

Grouper/Rice requirement support

  • GRP_0100 PSU The groups system shall support the establishment and maintenance of standing groups based on data from System(s) of Record (SoR).
    • Grouper supports this from the SQL loader
    • Rice allows implementers to implement the Group service interface to make a SQL call with Java
  • GRP_0120 PSU The groups system shall provide a distributed and delegated groups management function. (Requires deep namespace)
    • Rice allows group permissions, but not distributed delegation where you do not need to contact central IT
  • GRP_0140 PSU The groups system shall support the publishing of groups information to other systems (LDAP, Active Directory, and so on).
    • Grouper has LDAPPCNG to provision group/permission information
  • GRP_0160 PSU The groups system shall support the construction of dynamic groups.
    • Grouper has the grouperLoader to load groups from LDAP
    • Rice allows implementers to implement the Role service interface to make a JNDI call with Java
  • GRP_0200 PSU The groups system shall provide an auditing facility for all changes to groups/memberships.
    • Grouper has user auditing and point in time auditing
    • Rice has workflow auditing (similar to user auditing)
  • GRP_0210 PSU The groups system shall provide a notification facility that users/systems can subscribe to for group changes.
    • Grouper allows rules to send email notifications, or the change log sends system events / XMPP
  • GRP_0230 PSU The groups system shall support the construction of a group from the members of other group(s) (group math).
    • Grouper has intersection and minus
  • ROL_0110 PSU The roles system shall support three types of roles: basic, assigner (assigns users to roles) and stewards (assigns assigners to roles).
    • Rice: if you can edit the role, then you can edit the membership. If you have permissions on the namespace to be a role steward, you can assign people to be editors
  • ROL_0150 PSU The roles system shall support permissions and/or limits associated with a role.
    • Grouper supports permissions and limits
    • Rice has qualifiers to put on permissions. To evaluate limits you can implement a Java interface to make decisions on limits
  • ROL_0180 PSU The roles system shall support a hierarchy of roles, which enables the reuse of roles.
    • Grouper allows Role inheritance, Rice allows Roles to be assigned to Roles