Changes between Version 2 and Version 3 of GoalsZUAUSR


Ignore:
Timestamp:
06/22/12 15:03:14 (12 years ago)
Author:
dabantz@…
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • GoalsZUAUSR

    v2 v3  
    33 
    44Distributed Group and Role Provisioning 
    5 Statement of Work for deploying, configuring, and integrating Grouper at University of Alaska  draft 2012-04-19 
     5Statement of goals for deploying, configuring, and integrating Grouper at University of Alaska to eventually replace in-house ZUAUSR 
    66 
    77University of Alaska currently provisions group memberships and privileges for administrative users using an aging in-house developed tool ZUAUSR*.  ZUAUSR is a legacy application providing key administrative functionality but with strong dependence on specific proprietary operating systems that are at or near end-of-life.  We propose to replace this functionality with the adoption of a widely deployed standards-based supported product, Grouper <http://www.internet2.edu/pubs/grouper-infosheet.pdf>.  This  deployment will remove the unique proprietary OS dependencies that threaten existing operations and also enable extensions of current functionality not feasible with the current legacy product: 
     
    1111        • Incorporate current best practices and applicable de facto and formal industry standards 
    1212        • Provide for future enhancements by adopting a product actively enhanced and evolving to address new needs 
    13         • Enable requested function of provisioning of group memberships and attributes - that is, enable provisioning to non-administrative users 
    14         • Increase flexibility of adding roles or groups  
    15            by adopting a modern structured architecture designed from the ground up for general and flexible use 
    16         • Increase transparency of assigned permissions  
    17           by providing enhanced user interfaces to view both the hierarchy of classes and the assignment of classes to individual users 
     13        • Enable requested function of provisioning of group memberships and attributes - that is, enable provisioning to non-administrative users[[BR]] 
     14        • Increase flexibility of adding roles or groups by adopting a modern structured architecture designed from the ground up for general and flexible use[[BR]] 
     15        • Increase transparency of assigned permissions by providing enhanced user interfaces to view both the hierarchy of classes and the assignment of classes to individual users[[BR]] 
    1816        • Enable services to consume or utilize group memberships using defined interfaces to the classes database 
    1917 
    2018The work to be delivered is the following: 
    21         • Deploy production and development instances of Grouper;  
    22           "production" entails an instance tested and accepted for use with other UA systems, running on a redundant platform with active monitoring 
    23         • Port the existing ZUAUSR superclasses to the Grouper database 
    24         • Provide authentication and authorization to Grouper via UA-standard SAML IdP, verifying users with UA-Username & AD password 
    25         • Port existing ZUAUSR superclass request forms (Oracle Forms) to a modern supported web-based forms connected to Grouper 
    26         • Port existing ZUAUSR provisioning capabilities to connectors between Grouper and Oracle, LDAP, and AD 
    27         • Documentation for all configurations, interfaces, and connectors 
    28         • Knowledge transfer to OIT of maintenance and operation of Grouper, connectors, and interfaces 
     19        • Deploy production and development instances of Grouper; "production" entails an instance tested and accepted for use with other UA systems, running on a redundant platform with active monitoring[[BR]] 
     20        • Port the existing ZUAUSR superclasses to the Grouper database[[BR]] 
     21        • Provide authentication and authorization to Grouper via UA-standard SAML IdP, verifying users with UA-Username & AD password[[BR]] 
     22        • Port existing ZUAUSR superclass request forms (Oracle Forms) to a modern supported web-based forms connected to Grouper[[BR]] 
     23        • Port existing ZUAUSR provisioning capabilities to connectors between Grouper and Oracle, LDAP, and AD[[BR]] 
     24        • Documentation for all configurations, interfaces, and connectors[[BR]] 
     25        • Knowledge transfer to OIT of maintenance and operation of Grouper, connectors, and interfaces[[BR]] 
    2926 
    3027