...
- Wrote WebAuth custom authentication filters
- Used AdCom LDAP as the subject identity store
- Used Grouper WS and regular Grouper API to load and reload the AdCom FS hierarchy
- Used Grouper+Signet so that an individual inherits the privileges granted to a Group
Comparisons to SAMS
- Signet privileges are analogous to SAMS functions
- Signet scope can be used to model SAMS hierarchies (with different subtrees for Payroll, FS, Academic hierarchies, etc.)
- Can be extended to include resources in the Authz model (i.e. does user X have access to function y over objects 1, 2 and 3 within limits a, b, c, etc.)
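
A simplified model of the check described in the last bullet, added here as an illustration; it is not Signet or Grouper code and uses none of their APIs. The group name, scope nodes, function names and the treatment of limits as numeric upper bounds are all assumptions.

```python
from dataclasses import dataclass, field

# Constructed scope tree (child -> parent); node names are made up.
SCOPE_PARENT = {
    "FS": None, "FS/Engineering": "FS", "FS/Engineering/CS": "FS/Engineering",
    "Payroll": None, "Payroll/Hourly": "Payroll",
}

@dataclass
class Grant:
    grantee: str    # a user id or a group name
    function: str   # what may be done (the SAMS "function")
    scope: str      # root of the subtree the grant covers
    limits: dict = field(default_factory=dict)  # upper bounds, e.g. {"amount": 5000}

# Constructed sample data: one grant to a group, one to an individual.
MEMBERSHIPS = {"alice": {"fs-approvers"}}
GRANTS = [
    Grant("fs-approvers", "approve_purchase", "FS/Engineering", {"amount": 5000}),
    Grant("alice", "view_paystub", "Payroll/Hourly"),
]

def in_scope(node, root):
    """True if node is root or a descendant of root in SCOPE_PARENT."""
    while node is not None:
        if node == root:
            return True
        node = SCOPE_PARENT.get(node)  # unknown nodes end the walk: not in scope
    return False

def is_authorized(user, function, objects, request, grants=GRANTS, memberships=MEMBERSHIPS):
    """Does user have `function` over every object, within the grant's limits?
    Deny by default; a limit the request does not state counts as exceeded."""
    principals = {user} | memberships.get(user, set())  # direct + group-inherited

    def covered(obj):
        return any(
            g.grantee in principals
            and g.function == function
            and in_scope(obj, g.scope)
            and all(request.get(k, float("inf")) <= v for k, v in g.limits.items())
            for g in grants
        )

    return bool(objects) and all(covered(o) for o in objects)
```
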
Pros of Grouper/Signet
...
- Privileges can be granted to Groups rather than just individuals.
- Great data model
- Easy to use API
- Grouper WS is adequate
Cons of Grouper/Signet
- No Signet WS so far
- Grouper WS is still in alpha
Questions
- Can a user extend Group inherited privileges?