PDI: Intro to Grouper. Jeff Ruch, ACNS Middleware

Presentation transcript:

PDI: Intro to Grouper. Jeff Ruch, ACNS Middleware.

We are really new to Grouper – playing around with it for only a few months. Still working on policies.

Table of Contents Grouper Overview Grouper UI CSU Implementation UI – Live demo CSU Implementation – source data

What is Grouper?
- Enterprise Access Management
- Designed for the highly distributed management environment
- Open Source (Java based)
- Created by Internet2
- Funding from National Science Foundation (NSF) Grant No. OCI-0330626, OCI-0721896, and OCI-1032468, Joint Information Systems Committee (JISC), University of Chicago, University of Pennsylvania, Duke University, University of Washington, University of Memphis, University of Bristol (UK)
- Established v.5 in 2004
- Authentication vs Authorization
- Leverages system of record (HR, Student)

Why Use Grouper?
- Lower cost & time to deliver new services
- Simplify management by using the same group or role in many places
- Empower the right people to manage access, taking central IT out of the loop
- Increase transparency and auditability: see who can access what with a report rather than a fire drill

Notes:
- You don't have to build access management on new systems.
- Make things more consistent by reusing the same groups.
- People closer to the app/service should control the access, rather than IT.
- More information
- Business owners have control and don't have to wait for IT to make a change.

What can Grouper Control? Grouper integrates with almost any existing access management infrastructure

Core Capabilities
- Folders are often called stems. Folders contain groups and other folders.
- Indirect members are also called effective members.
- Composite groups are often called group math: intersection, sum of two groups (union), difference of two groups.
- Permissions (this is really delegation):
  - Folder – create group, create subfolder
  - Group – admin, update membership, read membership, view group, opt-in, opt-out (members take themselves in or out of group membership)
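
The group concepts in these notes (direct versus effective members, and composite "group math"), as an added example that is not part of the original slides and does not use Grouper's own API. The class names, group names and members are hypothetical, constructed data.

```python
# Toy model of the slide's group concepts; NOT Grouper's API.
# Class names, group names and members are hypothetical, constructed data.
from dataclasses import dataclass, field

@dataclass
class Group:
    subjects: set = field(default_factory=set)   # direct members (people)
    subgroups: set = field(default_factory=set)  # groups added as members
    composite: tuple = None                      # (op, left, right) for group math

class Registry:
    def __init__(self):
        self.groups = {}

    def add(self, name, subjects=(), subgroups=(), composite=None):
        self.groups[name] = Group(set(subjects), set(subgroups), composite)

    def members(self, name, path=frozenset()):
        """All members: direct plus indirect (effective)."""
        if name in path:            # membership loop (a in b, b in a): stop here
            return set()
        path = path | {name}
        g = self.groups[name]
        if g.composite:             # in this model a composite has no direct members
            op, left, right = g.composite
            a, b = self.members(left, path), self.members(right, path)
            return {"union": a | b, "intersection": a & b, "difference": a - b}[op]
        found = set(g.subjects)
        for sub in g.subgroups:
            found |= self.members(sub, path)
        return found

    def effective_only(self, name):
        """Members present only because another group is a member."""
        return self.members(name) - self.groups[name].subjects

def build_sample():
    r = Registry()
    r.add("csu:hr:employees", subjects={"alice", "bob", "carol"})
    r.add("csu:acns:middleware", subjects={"alice"})
    r.add("csu:acns:staff", subjects={"dave"}, subgroups={"csu:acns:middleware"})
    r.add("csu:security:locked", subjects={"bob"})
    r.add("csu:app:vpn", composite=("difference", "csu:hr:employees", "csu:security:locked"))
    r.add("csu:app:wiki_admins", composite=("intersection", "csu:acns:staff", "csu:hr:employees"))
    return r

if __name__ == "__main__":
    r = build_sample()
    for name in ("csu:acns:staff", "csu:app:vpn", "csu:app:wiki_admins"):
        print(name, sorted(r.members(name)))
```

The difference composite is the pattern to note for access reviews: removing someone from the system-of-record group or adding them to the exclusion group changes every downstream group that reuses it.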

Additional Capabilities
Attributes Roles Permissions Management Lifecycle

Notes:
- Attribute: a specification that defines a property of an object, like a manager.
- Role: an attribute that describes a position within a company, like a purchase manager.
- Attributes are objects like groups and folders. You can create them in folders.
- Attributes can be assigned to groups, folders, memberships,
- A role is a group with a permission assigned.
- Permission: which subject can perform which actions, on which resources.
- Role inheritance, subgroup to group.
- Life cycle – start/end times for membership, rules, audits.

Grouper Components
- Outside: connects into things the organization is already running
- Inside (green): Java application, runtime
- Multiple ways to integrate. CSU has focused on web services -