I’m spending the first morning at the Spring Internet2 meeting focusing on Grouper and COmanage, which fits in nicely with the discussions on the jisc-shib list on extending attribute usage.
Upcoming functionality in v1.5.0 of Grouper: namespace transition (i.e. the ability to move and copy groups), audit facilities, indirect membership management, and possible work on the attribute framework (in terms of adding parameters to groups in terms of a full understanding of what a role can do).
One of the interesting questions is around the attribute framework. The work of the Signet application, which assigned privileges to groups and individuals, did not take off as a standalone piece of work. This is now being developed as part of both Grouper and COmanage, but more work is needed to support this complex information flow.
The question of user interfaces was discussed by the group. SurfNet has done some work on a simple GUI to allow people to log-in with a federated ID and then manage their own groups. The University of Washington has is about to move towards a Grouper implementation using. The UI within the Grouper package is not seen as applicable to end-users – it is purely for systems administrators – so more work is needed in this area. In the UK, the University of Newcastle has done some work in this area as part of the G-FIVO project. For Grouper to be really applicable in the UK, I think that more work is needed on the UI issue – this may be an interesting area for the upcoming Access and Identity Management Programme.
Another area for development is the position of groups management within the institutional hierarchy, and understanding of ‘official’ institutional groups and hierarchy and those that have been developed for other purposes. The ‘official’ status of a group is very difficult to determine, but it is important to understand where and how a group was developed and its role within the institution. This will increase the opportunities for reuse of groups and labels – a positive thing from a management perspective.
COmanage is intended to be undetectable to end-users. COmanage being used in relation to Confluence should look like Confluence for end-users. However, unlike Grouper, COmanage is intended to focus on user interfaces to allow a larger groups of users to create and manage groups to facilitate wider use of collaboration management.
Some of the issues raised by the attendees at the group session were:
- Regular versus virtual organisations: revocation of user rights becomes complex;
- Pushing the tool beyond the educational domain;
- ‘Domesticating’ other tools to work with COmanage;
1 comment
Comments feed for this article
Trackback link
http://access.jiscinvolve.org/wp/grouper-and-comanage/trackback/
April 27, 2009 at 5:43 pm
Rhys Smith
We at Cardiff University have also produced our own customised interface to Grouper, for various reasons. See JISC project CUCKOO’s reports for more details.
One of the major things we identified when implementing this all is not technical – it was the need for a “Groups manager”, responsible for managing naming, ownership, and all the administrative things necessary to stop it becoming a melee.