Bill,
The InCommon Technical Advisory Committee has launched an effort to develop a document that presents the landscape of identity-related projects of particular relevance to the Research and Education (R&E) community, including information about their state, the relationships among them, and gaps among those relationships and between the capabilities they provide and what is needed by this community. This Identity Landscape document is intended to provide information as input to strategic decision making by those providing leadership to the identified projects and to promote increased coordination among them. It will be written with those audiences in mind, though we also expect it to be shared widely with the R&E public.
As a representative of the CAS project, your participation in this effort would be invaluable to us and, we hope, to you as well. In order to give you an idea of what we're looking for, I have included a quick set of questionnaire topics that we are using to collect basic information about each project, as well as answers to that questionnaire for the Grouper project, at the bottom of this message. As you can see, we are looking for very brief summary information, although we may ask to schedule a telephone conversation at a later date to fill in additional information. Simply replying to this note and editing your responses into the Questionnaire Topics below would be greatly appreciated. We could also schedule a telephone interview to go through the questionnaire and draft answers for your review, if that works better for you.
Please let me know if you are willing to participate, or could designate someone else. Don't hesitate to contact me if you have any questions. Thank you for your help.
David Walker
InCommon Technical Advisory Committee
dhwprof@gmail.com
Questionnaire Answers - DRAFT
Project Name
Apereo CAS
Contacts
Bill Thompson, Unicon
wgthom@unicon.net
Overview / Mission
CAS is an authentication system originally created by Yale University to provide a trusted way for web applications to authenticate a user. CAS became a Jasig project in December 2004 and subsequently an Apereo project in 2013.
CAS provides an enterprise web single sign-on service:
- An open and well-documented protocol
- An open-source Java server component
- A library of clients for Java, .Net, PHP, Perl, Apache, uPortal, and others
- Integrates with uPortal, BlueSocket, TikiWiki, Mule, Liferay, Moodle and others
- Community documentation and implementation support
- An extensive community of adopters
Goals / Roadmap
Specific goals the project has for the future. If available, also a time frame for achieving those goals.
CAS maintains a roadmap at: https://wiki.jasig.org/display/CAS/CAS+Roadmap.
CAS 4.0 is the current work in progress and includes the following scope slated for 2013:
- improved authN APIs to support multiple credentials (forces Major release per release strategy)
- new skin and better support for mobile devices
- Improvements to the LDAP Password Policy enforcement that are described here.
- potentially other minor evolutionary improvements that would have been targeted for 3.6.
Approach to Work
How priorities are set, the process for releasing deliverables, collaborative work style, expectations of members, etc.
CAS is loosely run as an Apache style open source project with priorities mostly set by availability of interested developers and committer consensus.
Strategies for Sustainability
Strategies for funding, inclusion of new members, etc.
CAS relies on Apereo to fund general community infrastructure (mailing lists, website, Jira). The project also makes use of free infrastructure from GitHub for source code control. Development and management of the project is mostly resourced directly from the participants. Unicon's Support program also contributes directly to the project based on the number of subscribers to the program. Sustainability is derived from three primary sources:
- Apereo support for community infrastructure
- Community participants (direct contribution)
- Unicon Support program (indirect via Unicon)
Relationships with Other Projects
Areas where there is observed interdependence or similarity with other projects.
CAS and Shibboleth are similar in that they both can be used for WebSSO. They differ in that Shibboleth is mostly focused on implementing the SAML specification, whereas CAS is mostly focused on being a great platform for enterprise WebSSO regardless of the protocol. Many deployers have found CAS and Shibboleth to be more complementary than competitive. See: Shibboleth and CAS - Even More Perfect Together
CAS also has a relationship with Apereo Person Directory for attribute resolution and can be used in conjunction with Grouper for coarse-grained access control.
Observed Gaps
Elements of the identity landscape that do not seem to exist, but are needed to achieve the project's goals.
?
Challenges
Potential roadblocks to achieving the project's goals.
- Lack of input from stakeholders outside of the developer community.
- Availability of developer resources.
- Governance/consensus around project direction.
More Information
URLs where further information about the project is available.
- http://www.jasig.org/cas
- https://wiki.jasig.org/display/CAS/Home
- https://wiki.jasig.org/display/CAS/CAS+Roadmap
Notes
Miscellaneous notes that do not fit in the other categories.
Sample Grouper Response
DRAFT - Project Summary - Grouper - DRAFT
Project Name
Grouper Access Management System
Contacts
Tom Barton
Overview / Mission
Grouper is an open source toolkit for managing access using groups, roles, and permissions. It is designed to function as the core element of a common infrastructure for managing access information across integrated applications and repositories. Grouper combines multiple sources of group information, both automated and manual, in managing memberships and other group information in a Group Registry, a central information asset complementary to a site's Person Registry.
The Grouper project started in 2003 to address group management needs in higher education. In this context, higher education is distinguished from most other enterprises in the following ways:
- It is very decentralized. Distributed management and delegation are very important.
- Large numbers of identity sources must be accommodated.
- Privilege is not tied closely to job titles.
Goals / Roadmap
Privilege management was added to Grouper in release 2. The next release is 2.2 in about six months. Highlights for that release include:
- An administrative user interface to address the needs of beginning and intermediate users.
- Support for any sized screen, down to mobile devices.
- Greater orientation to a service catalog paradigm, including service tags and the concept of service administrators.
- Integration for popular software like uPortal
Approach to Work
Grouper maintains two electronic mail lists, grouper-users and grouper-devs for communication. "Those who show up make the decisions," and they try hard to get people to show up. Decisions to move forward with new functionality require at least one adopter/partner who will use the functionality to assure the development is grounded in real needs.
Strategies for Sustainability
Grouper is an open source project with financial support from Internet2 for about 1.5 FTE spread over about 4 developers. Internet2 also supports conference calls and a scribe.
The sustainability proposition is the value Grouper brings; it's not necessarily financial. Grouper addresses a problem that people agree is good to work on.
Observed Gaps
Better capabilities to work with AD. Grouper can provision AD, but nothing more. Nobody's speaking up about this, but Gartner observed this in an evaluation of group management tools that otherwise rated Grouper well.
Closer work with CIFER. The sustainability and governance models don't always mesh well, making collaboration a challenge.
Relationships with Other Projects
Grouper has touched many other projects. For example,
- Release 2 of Grouper inherited much of its functionality needs from the now defunct Signet project.
- uPortal
- Apereo / Jasig
- Shibboleth
- Kuali Rice
- CIFER
- Some engagement with Globus, although the fit wasn't very good.
- Universities
- University of West Bohemia contributed a POSIX UID/GID manager for Grouper
- A consortium of 180 universities in central France with a shared instance of uPortal, managed by Grouper
- SURFnet
Challenges
Organizational gaps, such as observed above for CIFER.
More Information
Grouper web site: http://www.internet2.edu/grouper/
Grouper Product Roadmap (https://spaces.internet2.edu/pages/viewpage.action?pageId=14517754)
Notes