Representatives for Grouper met with ITS from July 15th to 17th to introduce their product. From the website:
“Grouper is an enterprise access management system designed for the highly distributed management environment and heterogeneous information technology environment common to Universities. Operating a central access management system that supports both central and distributed IT reduces risk.”
Three members of library IT, Steelsen Smith, Lakeisha Robinson and Eric James, were in attendance for the Wednesday session. The morning started with an overview of the product, in essence a Java stack with a programming and web service API. The demonstration showed how it can pull together subject information from external identity management providers and provide a means for creating and managing groups of users, with attributes, privileges, permissions, and roles that can be made available to applications requiring group-level authentication and authorization. Group membership information can then be combined and reused in exclusion and inclusion logic, allowing for an extendable set of permissions at the application level.
The session delved into the use cases of three subsets of university IT: person registries, learning management systems, and library systems. So, for example, a course managed in Canvas or Sakai could use groups of shoppers, instructors, TAs, guests, and enrolled students to grant dynamic privileges to course materials. VPN usage campus-wide could be administered with fine control, and Grouper could help manage provisioning workflows. Restricted library collections such as the Henry Kissinger Papers could efficiently manage sets of permissions by including patrons in pragmatically defined authorization groups. Common to each of the use cases is the challenge of integrating the different identity providers feeding the Grouper application with interoperable and unique subject information.
Stay tuned for further developments, including a potential rollout in the December timeframe.