...
- Start out using a single user attribute "affiliation", in a campus directory and let applications make authorization decisions
- Enrich centralized access management using groups determined from "systems of record" such as course memberships, chargers against financialaccounts, department memberships" •
- Get central IT out of the loop " and and allow departments and application owners to create groups for their own purposes.
- Support other deeper integrations with access management, support access decisions via webservices, provides access to predefined roles and privileges
...