The presentation on groups and permissions service configuration given at the JA-SIG uPortal conference on June 13, 2005, is available in PPT format.
Groups and Permissions ("GAP") is the name given to two related frameworks that grew out of the effort to write an authorization service for uPortal. The groups framework presents an API for querying and maintaining a system of grouped entities. It is a "lower level" API that can be used to support a variety of activities, including authorization and managing arbitrary collections of things, like buddy groups or address lists. By contrast, the permissions framework presents a simple API to do one thing: authorization. Its reference implementation makes use of the groups API.
Spinning off the Frameworks
We have decided to extract the groups and permissions code from the uPortal codebase and make it available to uPortal3 and other applications as .jars that can be dropped in and configured without agony.
See this page for more information.
The basic groups model is described in the Developers Guide to Groups, which is aimed at developers who want to write to or implement the groups APIs, for example to write a new group store that connects to some local resource.
The Group Service is a composite of component sources of group, role or directory information. Its job is to aggregate these sources into a coherent whole and present an organizational model to clients in the form of group memberships. The service design and configuration are documented in the Composite Group Service Configuration Guide, which is aimed at deployers and administrators.
The Composite Group Service is assembled from component services that connect to back-end sources. They may include, but are not limited to:
- The Local Group Service
- The Person Attributes Group Service ("PAGS")
- The Just-in-time LDAP Group Service ("JitLDAP")
- The LDAP Group Service
- The Filesystem Group Service
The permissions framework started as a system of roles in uPortal 1.5 and has continued to evolve. Start by reading about the requirements that have motivated, and continue to motivate, the design.