Comment: Corrected links that should have been relative instead of absolute.

What is Grouper?

  • http://www.internet2.edu/grouper/
  • Grouper makes groups
  • based on URN namespaces to make sure group names don't collide
  • main objective is large-scale admin and delegation of a common store
  • many people have authority over many other people's information
  • all those different agencies can source a knowledge system based on a common service that many agencies can plug into

...

  • National Cancer Institute: 80 cancer research centres are federated and use PKI; Grouper is the access management component.
    • There is a central group registry and most sites have their own, but it provides a way for you to link your app to their grid while maintaining access
  • U of Chicago uses it to solve ordinary use cases; over time you amass a new asset of who can access what, which provides an alternative to creating application-level access control
  • Brown and Duke both have large, mature deployments
  • Brown was the first to address a course management problem: the SIS doesn't provide a complete picture of TAs etc., and Grouper fills that gap.
  • Dutch organization is providing access control to a variety of services for multiple government agencies
  • French team is using Grouper and uPortal to solve issues around their portal for many French schools. They create dynamic groups based upon LDAP attributes, because doing so on the fly was too much load on LDAP. Sync is asynchronous from LDAP into Grouper when attributes show up; uPortal then pulls the info from Grouper.
  • University in the Czech Republic built a Grouper-based extension to their Sun Identity Manager which they would like to contribute back.

Contributors

  • University of Washington
  • University of Pennsylvania
  • University of Chicago

Barriers to adoption

  • When people just say "I can just use LDAP"
    • Some operations in LDAP are too large or hurt something else.
    • Grouper was born out of running out of gas in LDAP
    • Grouper allows delegation of administration
    • Grouper solves the referential integrity issues, because there is more than one way to model groups in LDAP
    • You could just use Grouper to manage your LDAP (cooked in Grouper, pushed to LDAP)