Grouper Call of Jan. 31, 2024

Attending 

  • Chris Hyzer, Penn, Chair
  • Chad Redmond, Unicon
  • Jim Beard, Unicon
  • Vivek Sachdiva, independent
  • Shilen Patel, Duke
  • Carey Black, Purdue
  •  Daniel Fisher, Va Tech
  • Chris Hubing, Internet2

  • Drew Aschenbrener, Internet2

  • Steve  Zoppi, Internet2
  • Emily Eisbruch, Internet2


Administrivia

New Action Items from this call

  • Chris Hyzer - put  the idea of changing the Group Screen to show higher level info in a Jira  and/or on the Grouper roadmap  
  •  Chris Hyzer – post more source code for the UPenn email use case, per community requests
  •  Shilen - check that Grouper doc on composites is up to date. The   developer doc is here:  https://spaces.at.internet2.edu/display/Grouper/Composite+changes  Are there items/implications that should be in the main Grouper wiki? 

Grouper Blog Published, January 2024


Grouper Training 

  • March 12-15, 2024, online
  • https://incommon.org/academy/grouper-school/
  • New self-paced training in 2024.  
  • Advanced topic for Grouper self-paced training:

    • Provisioning?  
    • GSH templates?  Could GSH Template be a walk thru guide, as UI element? This will open possibilities in how to “walk thru” things in Grouper. Requires API knowledge
    • GSH daemon?  
    • GSH?  
    • Loader?  
    • Subject sources (not used often enough)?  
    • Data fields (too soon)? 
    • ABAC (too soon)?
    • SCIM provisioner 


Steve Zoppi 

  • Comments on big picture in Trust and Identity in 2024
  • We are at an important junction
  • 2023 was good for training and other outreach
  • Grouper stands alone, no other products do what Grouper does 
  • Commercial sector addresses our space poorly 
  • Efforts to address Grouper documentation are valuable and appreciated
  • Progress has been made in weeding out old Grouper doc
  • In 2023, Internet2 engaged a firm Second Muse to coordinate development  of InCommon Futures Report
  • Also Internet2 developed new 5 year plan 
  • Community's perception has evolved
  • Used to be the projects would develop whatever ideas the community came up with
  • Now there is an expectation that Internet2, the catalysts and the projects (such as Grouper), will help make up for situation where institutions are losing some of the their institutional memory on HOW TO DO things around identity management
  • Complexity of use cases is increasing
  • Number of people experienced enough to address use cases is decreasing
  • Internet2/InCommon component architects meet every 2 weeks. Chris Hyzer and Chris Hubing join those calls
  • 2024 Statement of Work Guidance 
  • 2024 Statements of Work - Guidance (Final) - Google Docs
  • Grouper team members, please read 2024 Statement of Work Guidance 
  • Priorities include quality code, documentation, ease of use, 
  • This year telemetry (understanding who is using the products)  becomes even more important, 
  • consistent packaging
  • Documentation must be completed concurrent with release 
  • Question: Tradeoff between offering and “selling” doc and training
  • Doc and training complement each other
  • Gray line between: how much to do in video versus in written material 
  • Want a reasonable balance between written doc for reference doc for practitioners implementing, and want non technical documentation so people can understand how Grouper can address their use cases


Current Work

Vivek

  • Provisioning - effort to make things provisionable is done in v4 and will be moved to v5
  • Will be easier to set up provisioners on groups and folders
  • View in one screen and see why something is provisionable
  • Will try to default new features to v5 moving forward

  • Screens to view and edit rules
  • Currently managing rules using attribute assignments
  • Grouper rules patterns
  • Under folder options, you can choose rules
  • This shows rules referenced with this folder
  • A rule attached with  a folder
  • Actions column on left of screen
  • Wizard, behaves like a “start with” for provisioning, you select a pattern, you get more options
  • Eventually rule gets added
  • In Provisioning there are many options and you can’t go back to start with
  • For rules, it’s more simple, so if you can edit the rule using the wizard
  • You can also edit it as a custom rule
  • Just getting started on this work
  • Vivek is making good progress
  •  Carey: things get buried under a menu button or tab
  • Some things would be good to elevate / surface to a higher level, such as a rule on a group
  • How to generically represent all the properties of a group that a user might need to manage
  • Chris Hyzer: Eventually the main group screen will not show members but will show the higher level info
  • CHRIS AI: Put  the idea of changing Group Screen to show higher level info to Jira  and/or roadmap 
  • Membership requirements are easier way to do what a rule does.
  • Do we need to review this doc re rules and membership requirements? https://spaces.at.internet2.edu/display/Grouper/Access+Management+Features+Overview


Shilen

  • Composites work is done
  • Gets added to change log
  • Is the documentation up to date? Shilen will check
  • AI Shilen check that Grouper doc on composites is up to date
  • https://spaces.at.internet2.edu/display/Grouper/Composite+changes

  • Ability to stop a daemon in v5+
  • Working on: Disable on daemon screen in UI should try to stop a currently running daemon
  • Race conditions… date of when disabled, in case you enable job and it terminates, keep timestamp of last check, Shilen will add that
  • Sometimes daemons are disabled but you run in Java instead of scheduling..
  • If not scheduled it won’t be disabled
  • List should be things running and have a table in quartz of what's disabled?
  • Shilen will look at that


Chris

  • Membership requirements screen adjustments
  • ABAC aliases
  • GrouperSession work
    • Did GrouperTest used to create a root session?  Do we want it to be that way going forward?  DB connection issue?
  • Startup and not being able to delete built in groups
  • SCIM disable users
  • Group attribute for roles (like entity isInGroup)

Penn Use Case - Chris presented an advanced use case from Penn, showing course grained authorization 

Survey

  • Chris Hubing has a survey on topics like Source Code Management (SCM) and Build/Test/Deploy Automation that he would like Grouper community members to respond to Grouper Interview

 

Issue Round up


JIRAS


Grouper Wiki updates



Grouper-User emails (none)

  • Slack, not email, is recommended for Grouper support


 

Next Grouper Call: Wed Feb 14, 2024



  • No labels