Fall 2010 Internet2 Member Meeting

Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Delegated Access Control in AD using Grouper

Time 11/02/10 04:30PM-05:30PM

We do not host flash-based video files on our servers anymore. Please contact Web Support for further details about netcast videos.

Session Abstract

Duke University is engaged in a multi-quarter effort to enhance and integrate its institutional Active Directory offering with institutional IDM facilities -- economies of scale, coupled with the security and efficiency advantages of an IDM-integrate AD offering make a central AD environment attractive. A prerequisite for many departments' migration into a more centralized AD environment is the ability to provide bounded, granular delegation of administrative controls to departmental IT managers and IT staff while maintaining tight integration with institutional identity management systems. During the MACE-paccman session at the Spring 2010 MM, we outlined a prototype scheme for managing such access control delegation using institutional IDM information and Grouper groups and permissions. That scheme has been implemented and will be in production use within a dozen or more departments by November. This talk will cover the theoretical model being used, the technical implementation we've deployed, and some of the political and governance issues that have arisen during the implementation of the scheme, and will include a live demonstration of the implementation and time for open discussion and Q&A.


Speaker Rob Carter Duke University

Speaker Shilen Patel Duke University

Presentation Media

media item thumbnail Delegated Access Control in AD using Grouper (pdf)

Speaker Rob Carter Duke University

Speaker Jeffry Handal Louisiana State University

Speaker Shilen Patel Duke University

Secondary tracks Middleware

gold Sponsors