Grouper's internal security implementation relies on two java interfaces, one for Naming Privileges and another for Access Privileges. Grouper ships with classes that implement these interfaces, but 3rd parties are free to supply their own and so manage Grouper privileges using a privilege management system external to Grouper. Two properties declare the java classes that Grouper will use to implement these interfaces:
|privileges.access.interface||classname of the java class that implements the Access Interface|
|privileges.naming.interface||classname of the java class that implements the Naming Interface|
Note: although we've provided the can and the dish, we haven't as yet eaten our own dogfood!
It would be a great add to the project to show how Grouper can leverage Shibboleth delivered assertions as a way to bootstrap Grouper privileges vai Shibboleth SSO.
ALSO: (maybe this should be a separate doc request, but it is very related...)
It would also be a similar great add to the project to show how Grouper can be leveraged by Shibboleth to deliver Grouper access policies vi Shibboleth assertions out to other SP's.