Enterprise Authorization Working Group - 2008/02/07 Meeting

Attendees

Adrian P - Library
John R - Engineering
Isaac S - NACS
Dana W - NACS
Josh D - AdCom
Neil M - AdCom
Erik O - Student Affairs
Beth H - Communications
Jim K - Communications
Chris C - Communications

Discussion

Neil got a Signet demo server up with WebAuth integration for authentication
We took a step back and discussed current options for authorization services:
- Grouper/Signet - we would probably have to become project members and influence the direction of the project, or branch and create our own version, as there are plenty of gaps between what it currently offers and what we would need for a campus-wide solution that we would need to build
- Rewrite SAMS or develop something new
- LDAP only- it was discussed that LDAP itself is just a protocol to a generic data store, an authorization service would include a domain specific user interface to manipulate access and business rules behind the data. LDAP just by itself is not a solution. However we could use LDAP as an interface to a true authorization service for applications that only talk LDAP, or do exports from a authorization service into LDAP.
- Vendor solutions
  - Novell - Dana has looked at in the past and said it looks really nice, not sure about price
  - Sun - they offer Access Manager which is part of the JES suite which is free for UCI, however Dana mentioned they looked at it and is pretty complicated to implement without consultants. Berkeley recently spent $2 million implementing it. Also unsure how deeply coupled it is with the other solutions in the suite, i.e. the identity management and WebSSO portions
  - Microsoft?
So it seems a question between researching Grouper/Signet and committing possible development time into it, or putting money toward a proven vendor solution
It was agreed that it would be prudent to continue down the road of researching Grouper/Signet's current features, evaluating and getting presentations from vendor solutions, and formalizing our requirements

Action Items

Josh/Neil will continue researching Grouper/Signet and create proof-of-concept modeling SAMS features and documenting the gaps
Dana will schedule a meeting with Novell vendor to evaluate their product
Adrian will ask UCSD contact what they use
Begin putting together a requirements spec document to formalize the features we are evaluating based on
Josh will ping the UC IdMgmt group to find out what other UC schools are using

Browser not supported