cm authz provider
Question (TPA):
We are in the process of implementing CM and well as the cm-authz-provider. It almost seems like that the cm-authz-provider implementation could be general, usable by anybody, since it only makes calls to the CM API. Then if an institution implements/adjust the CM implementation, we wouldn't have to modify the cm-authz-provider and use it OOTB. Is that correct?
Answer (from Josh):
You are correct. There's no need to modify the group provider... just implement CM and configure the OOTB CM-based group provider in its components.xml file. More documentation will be coming, but the configuration is intended to be flexible and straight forward.