Grouper Call of Jan. 4, 2023

Attending 

• Chris Hyzer, Penn, Chair
• Vivek Sachdiva, independent  
• Shilen Patel, Duke
• Chad Redman, UNC
• Carey Black, Purdue
• Gabor Eszes, Univ of Virginia
• David Hutchins, Univ of Virginia
• Kellen Murphy, Univ of Virginia
• Jeremiah Haywood, Illinois State U
• Chris Hubing, Internet2
• Drew Aschenbrener, Internet2
• Emily Eisbruch, Internet2

Administrivia

•  Internet2 Intellectual Property Policy
  
• Review AIs  Grouper Project Action Items (Google Doc)
  
•  Agenda Bash
  

NEW ACTION ITEM

• AI Chris add diagram to the Roles in Provisioning wiki 
  

Administrivia

•  Internet2 Intellectual Property Policy
  
• Review AIs  Grouper Project Action Items (Google Doc)
  
•  Agenda Bash
  

Roadmap and ABAC work

University of Virginia is eager to use ABAC with Grouper

Roadmap: working on Grouper 2.6 https://spaces.at.internet2.edu/display/Grouper/Grouper+Product+Roadmap

• Vivek wrapping up last provisioner from 2.5 remedy
  
• Chris looking at entity recalcs  
  
• Recalc means compare source and target
  
• Incremental is partial 
  
• Should be able to recalc entity if needed
  
• Provisioning Framework was previously group centric, did group recalcs but not entity
  
• Now will do entity recalc
  
  
• Talking about ability to use attribute framework attributes instead of metadata to provision
  
• Talking about object level caching
  
• Provisioning with things that have roles, see design document
  

Next Grouper version is v5 

See Versioning & Support Policy

Proof of Concept has been started on the ABAC work

• Config built out
  
• UI to edit the config
  
• Some of the engine to do a full sync of attributes
  
• Prioritization is up in the air
  
• Need to get Grouper 2.6 out
  
• We may be able to focus on ABAC for v5
  

Current Projects

Vivek

• Adding provisioner for Remedy
  
• Can configure, like with other provisioners
  
• Supports permission group and permission group ID for example
  
• Working on unit tests
  
• Then will work on Remedy marketplace provisioner
  
  
  
• JEXL testing
  
• Idea - for JEXL in provisioning or subject source, there will be a null checking script.  To prevent exceptions if you misspell.
  
  
• Also, will add no check configs to the provisioner
  
  
  
• Setting up the DDL for v5
  
• New tables
  
• Added global assign
  
• Timestamps for dates and integer foreign keys
  
• Database should be able to join, index, find
  
• Also worked on configure provisioning default value re attribute assignment
  
  

Shilen

• Updated the v5 branch with EHcache
  
• Need to do Java and tomcat upgrade
  
  

Chris

• Grouper 2.6.19.1 is out, need to announce
  
• Roles in provisioning
  
• https://spaces.at.internet2.edu/display/Grouper/Grouper+provisioning+roles
  
• AI Chris add diagram to the Roles in Provisioning wiki 
  
• Metadata links up roles
  
• Doing more with foreign keys
  

Chad 

• https://todos.internet2.edu/projects/GRP/issues/GRP-4530?filter=allissues
  
• Container startup changes file permissions in /opt/grouper/slashRoot if GROUPER_RUN_TOMCAT_NOT_SUPERVISOR=false
  
• Chris Hyzer: Best to commit to the next version, put that in 2.6.20
  

Issue Roundup 

Jiras in past two weeks

• 
  GRP-4555
  multi-valued metadata should be editable on screen
  
  
• 
  GRP-4554
  Upgrade hibernate and ehcache in Grouper 2.5
  
  
• 
  GRP-4553
  attributeassignmembershipdelegate needs privilege revision
  
  
  
  
• 
  GRP-4552
  change default of configuration for provisioning canChange / canUpdate to true
  
  
  
• 
  GRP-4551
  cannot see canChange or canUpdate on folder metadata (defaults to false)
  
  
  
• 
  GRP-4550
  subjects can not see folders where everyentity has a privilege on object in folder
  
  
  
• 
  GRP-4549
  provisioning metadata problems
  
  
  
• 
  GRP-4548
  SUpport file attachments in workflows
  
  
  
• 
  GRP-4547
  Support start/end dates in workflow
  
  
  
• 
  GRP-4546
  substitute gsh template dollar with unicode '$', or at least give a good error
  
  
  
• 
  GRP-4545
  give good error message if grouperIncludeExclude.use = false (default) and loader addIncludeExclude
  
  
  
• 
  GRP-4544
  provisioning framework box provisioner
  
  
  
• 
  GRP-4543
  upgrade postgres driver for cve
  
  
  
• 
  GRP-4542
  add database config id to sql reports
  
  
  
  

Grouper Emails in past two weeks

          none

Grouper wiki updates in past two weeks

• Assign Attributes Batch
  
• v2.5 Release Notes
  
• Grouper data field and subject source next generation
  
• Grouper membership eligibility requirements
  
• v2.6 Release Notes
  

Next Grouper Call: Wed Jan 18, 2023