
Grouper attributes and privileges: FUTURE features in Internet2 MACE Grouper. June 2009. Chris Hyzer, University of Pennsylvania / Internet2. (Presentation transcript)


Slide 2: Introduction
- Grouper is an Internet2 open-source funded product
  - 5+ years old
  - Java, multi-platform, database vendor agnostic
- The UPCOMING (fall 2009) 1.5 release will have more access management features
  - Many features discussed in this presentation are not implemented, the design is not final, and the timeline for the features is not decided!
  - If you have a use case that needs features, let the grouper-dev list know
  - Implementation has started
- Attribute framework including privileges and roles
- This talk will outline some potential features of this enhancement
3/4/2016 Internet2 MACE Grouper 2

Slide 3: Penn's Grouper architecture (architecture diagram; not reproduced in the transcript)

Slide 4: Attribute framework
- Define attributes in a namespace (organize and delegate)
  - E.g. penn:apps:payroll:schools:engineeringSchool
  - Attributes have: uuid, system name, display name, description
- Assign attributes to groups, memberships, subjects, stems, or other attributes
  - E.g. user John Smith, while in the payrollUsers role, can read engineering school data (in the payroll system)
- Allow fields/actions/verbs
  - In the above example, there might be "read" or "write"
- Attribute could have a value (text, numeric, timestamp)
  - E.g. user Jim in the ptoUsers role has the attribute proxyFor 12345678
- Attributes could be multivalued
  - E.g. proxyFor 12345678 and 12345679

Slide 5: Two attribute security strategies available
- Inherit from object (e.g. can read attribute if can read Group)
- Custom (similar to how Grouper secures memberships): only certain subjects (people, systems, groups) can:
  - Create new attributes
  - Admin (edit / delete) attributes
  - View that attributes exist
  - Read attribute assignments
  - Update (add/edit/delete) attribute assignments/values
  - Opt in to an attribute assignment
  - Opt out of an attribute assignment

Slide 6: Effective attributes (indirect)
- Attributes could be in an attribute set, where an assignment to the parent implies assignment to the descendants
  - E.g. if I can read English data, I can read English201 data
- Role hierarchies
  - E.g. if I am a senior loan administrator, I can do everything a normal loan administrator can do, and more
- Effective group memberships
  - If a privilege is assigned to the IT department role, and Steven Jones is in the org123 group, which is in the org12 group, which is in the IT department role, then Steven Jones effectively has the privilege

Slide 7: Metadata for organizing and user interfaces
- Limit permission use
  - E.g. permissions in penn:apps:payroll:orgs:% can only be assigned to memberships in roles penn:apps:payroll:roles:%
- Formatting and validation on attribute values
  - E.g. timestamps are stored as ints, but displayed with this mask: dd-Mon-yyyy, and must be between now and 10 years from now
- Enabled or disabled dates on memberships and attributes
- Meta attributes could be used as limits for privileges
  - E.g. approve if amount is less than $50,000
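As an added illustration (not Grouper's own code or API), the following Python model shows how the ideas on slides 6 and 7 combine at a decision point: an attribute set, a role hierarchy, nested group memberships, and a meta attribute used as a limit, with deny-by-default when no assignment applies. All names in the sample data (payroll:roles:itDept, payroll:loans, the amount_lt limit) are constructed for the example.

```python
# Toy model of the effective-permission resolution sketched above (attribute
# sets, role hierarchy, nested memberships, a limit). Not Grouper's own code.

# Constructed sample data modelled on the slides' examples.
ATTRIBUTE_SETS = {"payroll:data:english": {"payroll:data:english201"}}
ROLE_IMPLIES = {"payroll:roles:seniorLoanAdmin": {"payroll:roles:loanAdmin"}}
MEMBER_OF = {"org123": {"org12"}, "org12": {"payroll:roles:itDept"}}
SUBJECT_MEMBERSHIPS = {"stevenJones": {"org123"},
                       "jim": {"payroll:roles:seniorLoanAdmin"}}
# (role, action, attribute) -> limit on the decision context, or None.
ASSIGNMENTS = {
    ("payroll:roles:itDept", "read", "payroll:data:english"): None,
    ("payroll:roles:loanAdmin", "approve", "payroll:loans"): ("amount_lt", 50000),
}


def closure(start, edges):
    """Transitive closure of `start` over the implication graph `edges`."""
    seen, todo = set(start), list(start)
    while todo:
        for nxt in edges.get(todo.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def effective_roles(subject):
    """Direct memberships expanded through nested groups, then role hierarchy."""
    groups = closure(SUBJECT_MEMBERSHIPS.get(subject, set()), MEMBER_OF)
    return closure(groups, ROLE_IMPLIES)


def has_permission(subject, action, attribute, context=None):
    """Decision point: may `subject` perform `action` on `attribute`?"""
    roles = effective_roles(subject)
    for (role, act, attr), limit in ASSIGNMENTS.items():
        if role not in roles or act != action:
            continue
        # Assignment to a parent attribute implies all of its descendants.
        if attribute not in closure({attr}, ATTRIBUTE_SETS):
            continue
        if limit is not None:  # meta attribute used as a limit
            kind, bound = limit
            amount = (context or {}).get("amount")
            if kind == "amount_lt" and (amount is None or amount >= bound):
                continue  # limit not met: this assignment does not grant
        return True
    return False  # deny by default when no assignment applies
```

Steven Jones gets read on English201 data only through org123 -> org12 -> IT department role plus the attribute set; Jim's approve right via the senior role stops applying once the amount reaches the limit or is missing from the context.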

Slide 8: Leverage existing (and future) Grouper features
- Web-based J2EE user interface
- SOAP / REST web services (lite or batched)
  - Including a decision point: does A have read on payroll data for org123?
- Command line administrator tool: GSH
- Command line client tool / library: Grouper client
- Auditing (user auditing and point in time)
- Change log / notifications: incremental provisioning out of Grouper
- LDAP provisioning
- Hooks infrastructure for customizations
- Subject API
- Composite groups
  - E.g. if not an active employee anymore, remove privs
  - Whitelist / blacklist
- Dynamic groups: maintained by grouperLoader

