...
- Start out using a single user attribute "affiliation", in a campus directory and let applications make authorization decisions
- Enrich centralized access management using groups determined from "systems of record" such as course memberships, chargers against financialaccountsfinancial accounts, department memberships" •membership
- Get central IT out of the loop and allow departments and and application owners to create groups for their own purposes.
- Support other deeper integrations with access management, support access decisions decisions via webservicesweb services, provides provide access to predefined roles and privileges
...