/
Enterprise Authorization Working Group Meeting Minutes 2008-02-07

Enterprise Authorization Working Group Meeting Minutes 2008-02-07

Owned by Joshua Drummond
Last updated: Mar 11, 2008Version comment

 Enterprise Authorization Working Group - 2008/02/07 Meeting


 Attendees

  • Adrian P - Library
  • John R - Engineering
  • Isaac S - NACS
  • Dana W - NACS
  • Josh D - AdCom
  • Neil M - AdCom
  • Erik O - Student Affairs
  • Beth H - Communications
  • Jim K - Communications
  • Chris C - Communications

Discussion

  • Neil got a Signet demo server up with WebAuth integration for authentication
  • We took a step back and discussed current options for authorization services:
    • Grouper/Signet - we would probably have to become project members and influence the direction of the project, or branch and create our own version, as there are plenty of gaps between what it currently offers and what we would need for a campus-wide solution that we would need to build
    • Rewrite SAMS or develop something new
    • LDAP only- it was discussed that LDAP itself is just a protocol to a generic data store, an authorization service would include a domain specific user interface to manipulate access and business rules behind the data.  LDAP just by itself is not a solution.  However we could use LDAP as an interface to a true authorization service for applications that only talk LDAP, or do exports from a authorization service into LDAP.
    • Vendor solutions
      • Novell - Dana has looked at in the past and said it looks really nice, not sure about price
      • Sun - they offer Access Manager which is part of the JES suite which is free for UCI, however Dana mentioned they looked at it and is pretty complicated to implement without consultants.  Berkeley recently spent $2 million implementing it.  Also unsure how deeply coupled it is with the other solutions in the suite, i.e. the identity management and WebSSO portions
      • Microsoft?
  • So it seems a question between researching Grouper/Signet and committing possible development time into it, or putting money toward a proven vendor solution
  • It was agreed that it would be prudent to continue down the road of researching Grouper/Signet's current features, evaluating and getting presentations from vendor solutions, and formalizing our requirements

Action Items

  • Josh/Neil will continue researching Grouper/Signet and create proof-of-concept modeling SAMS features and documenting the gaps
  • Dana will schedule a meeting with Novell vendor to evaluate their product
  • Adrian will ask UCSD contact what they use
  • Begin putting together a requirements spec document to formalize the features we are evaluating based on
  • Josh will ping the UC IdMgmt group to find out what other UC schools are using