1 / 21

Intro to Grouper

Intro to Grouper. There’s nothing fishy about Identity Management with Grouper. What is Grouper. ?. Grouper in the Identity Ecosystem. Grouper (Internet2). Core functionality: Groups provisioning & de-provisioning engine Downstream Provisioning Service Standardized API

ovid
Download Presentation

Intro to Grouper

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Intro to Grouper There’s nothing fishy about Identity Management with Grouper

  2. What is Grouper ?

  3. Grouper in the Identity Ecosystem

  4. Grouper (Internet2) • Core functionality: • Groups provisioning & de-provisioning engine • Downstream Provisioning Service • Standardized API • Web and Shell front-end • Rich privilege-based access control permits delegated management of groups • Key component in Access Management

  5. What IS Access Management? In Short: Grant authenticated User A the right to perform Operation B on Resource C according to Policy D

  6. Stage 1: Authenticate, provide common attributes • Stage 2: Group entities based on Systems of Record • Stage 3: Delegate Group and Resource Management • Stage 4: Move Access Mgmt decisions from services to central system(s)

  7. Stage 1 • LDAP • CAS • Shibboleth • Kerberos • Mostly solved

  8. Stage 2: Groups

  9. Grouper: Basics Folders in hierarchies Group Direct members Subgroup Indirect members = Composite groups U

  10. Grouper: Attributes

  11. Stage 3: Delegate

  12. Grouper delegation • Create groups • Create subfolders • Admin • Update membership • Read membership • View group • Opt-in • Opt-out Delegation

  13. Stage 4: Centralized Permissions Management

  14. Permissions Attributes Role inheritance Roles Permissions Attribute definition Permission definition

  15. Permission Attributes

  16. Grouper Components

  17. Grouper Loader • Grouper’s populating engine • Load from LDAP • Load from AD • Load from SQL (Tables or Views) • Write your own import code

  18. Grouper Quickstart • New version with v2.1. Download the JAR and run • Install in under 10 minutes on Linux, OS X (suggest Xcode first) • Automatically grabs pieces that it needs (Tomcat, Ant, libraries) • Pre-populates example DB

  19. Grouper Challenges • Documentation is “OK” • UI is weak (but being rewritten) • Change is quick – could be hard to keep up

  20. Why Grouper? • Open source, community-driven project of the Internet2 Middleware Initiative • Initial release v0.5 in December 2004 • v2.1 released in 2011 • v2.2 due 2012Q4 • Mature code base with at least 20 Higher-Ed contributing sites world-wide • Developed By and For Higher-Ed

  21. Grouper At SFU Rob Urquhart June 2012

More Related