Skip to end of banner Go to start of banner

Enterprise Authorization Grouper Signet Evaluation

Skip to end of metadata

Created by Joshua Drummond , last modified by Neil Matatall on Mar 10, 2008

Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Enterprise Authorization Grouper/Signet Evaluation

Proof of Concept Setup and Customizations

Wrote WebAuth custom authentication filters
Use AdCom LDAP as subject identity store
Used Grouper WS and regular Grouper API to load and reload the AdCom FS hierarchy
Used Grouper+Signet to inherit Group privileges to an individual

Comparisons to SAMS

Signet privileges are analogous to SAMS functions
Signet scope can be used to model SAMS hierarchies (with different subtrees for Payroll, FS, Academic hierarchies, etc)
Can be extended to include resources in the Authz model (i.e. does user X have access to function y over objects 1,2 and 3 within limits a,b,c etc)

Pros of Grouper/Signet

Privileges can be granted to Groups rather than just individuals.
Great data model
Easy to use API
Grouper WS is adequate

Cons of Grouper/Signet

No Signet WS so far
Grouper WS is still in alpha

Questions

Can a user extend Group inherited privileges?

No labels