Implementing Grouper ABAC (July 2024)
Watch the Recording | Download the slides
At the University of Michigan, we have found that Grouper ABAC allows us to provide access control groups for units that we could not have sustainably made or managed with reference groups and custom loaders. ABAC lets us keep the affiliation data fields in context, which is crucial for accurate access control. This enables distributed access control management while maintaining good auditability.
In conversations with other institutions, we learned that several other Grouper implementers were struggling with the same reference group conundrum that we faced. We would like to share our discoveries and processes to encourage other Grouper implementers to consider ABAC as well.
Contributor:
Liam Hoekenga, Application Developer Senior