Group entitlement

Group entitlement is one of the common ways for a service provider to use claims issued by an identity provider or a proxy for access control.

It requires another component (an IdM system, a database, LDAP, etc.) to provide information about users and the groups they are members of. The identity provider or proxy uses this information to construct group entitlements – string attributes in a specific form (see AARC-G069) – and issues them on request.

Group entitlement is a form of group-based access control. Its weakness, especially compared to resource capabilities, is its direct dependency on group names and group structures, which makes it difficult to change either of those.
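The following is an added example, not code from Perun or from the original page: a service-provider-side parser and access check for entitlement strings in the AARC-G069 form, showing how a group rename upstream silently revokes access. The `example.org` names, the `POLICY` structure and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# AARC-G069 form: <NAMESPACE>:group:<GROUP>[:<SUBGROUP>*][:role=<ROLE>]#<GROUP-AUTHORITY>
_ENTITLEMENT = re.compile(r"^(?P<ns>urn:[^#]+?):group:(?P<body>[^#]+)#(?P<authority>[^#]+)$")


def parse_entitlement(value):
    """Return (namespace, group_path, role, authority), or None if malformed."""
    m = _ENTITLEMENT.match(value)
    if not m:
        return None
    parts = m.group("body").split(":")
    role = None
    if parts[-1].startswith("role="):
        role = unquote(parts.pop()[len("role="):])
    if not parts or "" in parts:
        return None
    # Group components are percent-encoded so ":" and "#" stay unambiguous.
    return m.group("ns"), tuple(unquote(p) for p in parts), role, m.group("authority")


def is_authorized(entitlements, policy):
    """Service-provider check: exact match on namespace, group path and authority."""
    for value in entitlements:
        parsed = parse_entitlement(value)
        if parsed is None:
            continue  # malformed values never grant access
        ns, group, role, authority = parsed
        if (ns, group, authority) != (policy["namespace"], policy["group"], policy["authority"]):
            continue
        # Policy choice of this example: role=None means any role (or none) is accepted.
        if policy.get("role") is None or role == policy["role"]:
            return True
    return False


# Constructed sample data (example.org names are placeholders).
POLICY = {"namespace": "urn:geant:example.org", "group": ("vo.example.org", "admins"),
          "authority": "aai.example.org", "role": None}
BEFORE_RENAME = ["urn:geant:example.org:group:vo.example.org:admins#aai.example.org"]
AFTER_RENAME = ["urn:geant:example.org:group:vo.example.org:operators#aai.example.org"]

if __name__ == "__main__":
    print(is_authorized(BEFORE_RENAME, POLICY))  # True
    print(is_authorized(AFTER_RENAME, POLICY))   # False: same user, group renamed upstream
```

Because the policy embeds the group path literally, every service provider that references the group has to be updated in step with the rename.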

Figure: Group entitlement (object diagram)


Support: perun@cesnet.cz