Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2006 The University of Chicago Grouper Backgrounder for Authorization WG Tom Barton, U Chicago.

Published byChristopher Powell Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2006 The University of Chicago Grouper Backgrounder for Authorization WG Tom Barton, U Chicago."— Presentation transcript:

1 © 2006 The University of Chicago Grouper Backgrounder for Authorization WG Tom Barton, U Chicago

2 caBIG AuthZ WG17 July 20062 Functional Highlights  Group management capabilities  Basic group & membership management  Subgroups  Composite groups (union, intersection, complement)  Distributed authorities  Delegation of authority  Custom group types & attributes  Indirect membership traceback  Grouper is a management tool  Maintains group data & metadata in an RDBMS  Can manage any object presented to it as a “subject”

3 caBIG AuthZ WG17 July 20063 Components & Requisites  Components  Java API  Java UI (extremely mutable)  XML import/export tool  Command line shell  Infrastructure requisites  Hibernate for object persistence (supports most RDBMS’s)  Subject API for integration with identity sources  UI: Servlet API v2.3 REMOTE_USER or internal authN hook  Tarballs  API  UI  QuickStart package includes tomcat, database, identity source, etc

4 caBIG AuthZ WG17 July 20064 Privilege Model & Attribute Management  Per-group privileges  ADMIN, UPDATE, READ, VIEW, OPTIN, OPTOUT  Groups ↔ Attributes duality  Groups are lists of members  Members belong to a list of groups  Group names are attribute values of member objects  Grouper also manages Naming Stems  URN names and delegation of naming authority  Groups are named within a URN prefix = “naming stem”  Per-naming stem privileges  CREATE – can create groups with this naming stem  STEM – Create subordinate stems, assign CREATE priv  Privilegees are lists of “subjects”  So, group management capabilities apply to managing privileges

5 caBIG AuthZ WG17 July 20065 Subject API

6 caBIG AuthZ WG17 July 20066 Generic Integration Architecture

7 caBIG AuthZ WG17 July 20067 Status, Links  Grouper v1.0 RC1 released July 12  Grouper v1.0 to be released July 20-21  Grouper Wiki Grouper Wiki  Docs  Code  Product, project, & community support  Almost a complete solution. Lacking:  Near-real-time provisioning U Chicago, others will have JNDI provisioner “real soon now”  WS or other run-time query interfaces Cornell AXIS-based prototype  Roadmap  Aging of groups & memberships (v1.1)  Change notification (v1.1+)

8 caBIG AuthZ WG17 July 20068 Possible Q&A Areas  Run-time group query service  Systems integration  Federations, VOs, widely distributed authorities  Proxy IdPs, Service Centers

Download ppt "© 2006 The University of Chicago Grouper Backgrounder for Authorization WG Tom Barton, U Chicago."

Similar presentations

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Data Management Expert Panel - WP2. WP2 Overview.

Data Management Expert Panel - WP2. WP2 Overview.
Wednesday Sessions. 2 Demonstrations & Discussions PASE, U Wisc, Steve Devoti & Mark Weber I2 services, Internet2, Mike LaHaye WS-Grouper, Cornell, Joy.

Wednesday Sessions. 2 Demonstrations & Discussions PASE, U Wisc, Steve Devoti & Mark Weber I2 services, Internet2, Mike LaHaye WS-Grouper, Cornell, Joy.
Managing Roles & Privileges with Grouper and Signet Middleware Nate Klingenstein (some words stolen from Tom Barton & Lynn Mcrae) Helsinki EuroCAMP, April.

Managing Roles & Privileges with Grouper and Signet Middleware Nate Klingenstein (some words stolen from Tom Barton & Lynn Mcrae) Helsinki EuroCAMP, April.
Managing Authorization with Signet and Grouper Tom Barton, University of Chicago Lynn McRae, Stanford University Tom Barton, University of Chicago Lynn.

Managing Authorization with Signet and Grouper Tom Barton, University of Chicago Lynn McRae, Stanford University Tom Barton, University of Chicago Lynn.
Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford.

Integration Technologies for Grouper & Signet Tom Barton, U Chicago Joy Veronneau, Cornell Gary Brown, U Bristol Lynn McRae, Stanford.
Leveraging Campus Directories: Lightweight Authorization and Group Management Keith Hazelton University of Wisconsin-Madison.

Leveraging Campus Directories: Lightweight Authorization and Group Management Keith Hazelton University of Wisconsin-Madison.
Recent Developments in Directories Tom Barton, University of Chicago Keith Hazelton, University of Wisconsin.

Recent Developments in Directories Tom Barton, University of Chicago Keith Hazelton, University of Wisconsin.
Overview of Kuali Student Technical Architecture Kuali Days :: Chicago May 13-14, 2008.

Overview of Kuali Student Technical Architecture Kuali Days :: Chicago May 13-14, 2008.
Internet2 MACE Identity and Access Management (IAM) Projects integ-tb-kh-02.ppt Keith Hazelton, U Wisconsin With help.

Internet2 MACE Identity and Access Management (IAM) Projects integ-tb-kh-02.ppt Keith Hazelton, U Wisconsin With help.
Handling Groups and Permissions: Grouper and Signet and uPortal Lynn McRae, Stanford University Keith Hazelton, University of Wisconsin With thanks to.

Handling Groups and Permissions: Grouper and Signet and uPortal Lynn McRae, Stanford University Keith Hazelton, University of Wisconsin With thanks to.
© 2005, Cornell University. Rapid Application Development using the Kuali Architecture (Struts, Spring and OJB) A Case Study Bryan Hutchinson

© 2005, Cornell University. Rapid Application Development using the Kuali Architecture (Struts, Spring and OJB) A Case Study Bryan Hutchinson
Introduction to Grouper. Open source, community-driven project of the Internet2 Middleware Initiative Initial release v0.5 in December 2004 Grouper originally.

Introduction to Grouper. Open source, community-driven project of the Internet2 Middleware Initiative Initial release v0.5 in December 2004 Grouper originally.
Widely Distributed Access Management Tom Barton University of Chicago.

Widely Distributed Access Management Tom Barton University of Chicago.
Setting up the Grouper and Signet Databases Joy Veronneau Cornell University Identity Management November 7, 2006.

Setting up the Grouper and Signet Databases Joy Veronneau Cornell University Identity Management November 7, 2006.
Enriching Identity Through Groups EDUCAUSE Distributed Access Management CAMP Joy Veronneau Cornell University, Identity Management November 8, 2006.

Enriching Identity Through Groups EDUCAUSE Distributed Access Management CAMP Joy Veronneau Cornell University, Identity Management November 8, 2006.
Curation Tool June 11, 2009. Curation Tool Overview Architecture Implementation Dependencies Futures 2.

Curation Tool June 11, Curation Tool Overview Architecture Implementation Dependencies Futures 2.
Introduction to Group Management Tom Barton, Blair Christensen University of Chicago.

Introduction to Group Management Tom Barton, Blair Christensen University of Chicago.

Similar presentations

Ads by Google