Child pages
  • Grouper Call 11-Feb-2015
Skip to end of metadata
Go to start of metadata

 


NotesGrouper Call of Wed., Feb. 11, 2015

Attending:

Tom Barton, U. Chicago, chair  

Steven Carmody, Brown

Chris Hyzer, U. Penn  

Pregash Devasagayam, U of Colorado Boulder

Marwan Shaher, U of Colorado Boulder

Shilen Patel, Duke  

Misagh Moayyed, Unicon

David Langenberg, U. Chicago

Emily Eisbruch, Internet2, scribe



Action Items


[AI] (Chris) reorganize wiki pages to create better left navigation bar (DONE)


[AI] (DaveL) record ideas about handling categories based on the Feb. 11 Grouper call discussion on the Post PSP Provisioning page


Carry Over Action Items

[AI] (Misagh and Chris) will test the unmappable character  issue using Unicode. Then create wiki page to document the approach.

[AI] (DaveL) follow up on provisioning empty groups to LDAP to be sure the solution is documented 

[AI] (DaveL) Follow Up with Michael Girgis, U. Chicago, and see if Chicago does any sort of validation of websites for accessibility using some kind of Tools. (email sent)

[AI] (Dave) as we go, document areas where SCIM may need improvement so we can add to the wishlist for SCIM 3. (ongoing TODO)  Page with list

[AI] Chris do training videos on upgrading and patching.

[AI] (Shilen) create Grouper training videos on the new Grouper UI (first two are done)

[AI] (Emily) categorize Grouper Adopter Sketches using Confluence Labels. (started, see Use Cases by Category )

[AI] Tom to bring pen testing need into TIER process (remains long term)

Discussion

 Grouper Wiki organization - administrative guides, especially left nav

[AI] (Chris) reorganize wiki pages to create better left navigation bar (DONE)

UTF-8: good to go?

need to get source to compile

Guidelines needed for Grouper UI internationalization

test case now compiles better

rights inheritance: all set?

rules usage discussion

Chris plans to patch this.(Done as of Feb 2015) See:

https://bugs.internet2.edu/jira/browse/GRP-1109

variant provisioning of groups by target, Brown experience (Steve Carmody)

https://spaces.internet2.edu/display/Grouper/Functionality+-+Categories+for+Groups

Brown has a use case: 

-requests from depts that want updates to course group memberships

-There are many targets, many types of groups

-Google and AD have different default set of properties

-chatted w Rob Carter on Duke's approach (change log surgery) for default permissions

More tradition-bound windows approach at Brown, using AD out of the box, where a group is visible by default to anyone who can log in to that domain

Registrars require that membership in a course group must be hidden to other students

So course groups must be private, while dept groups should be public

This is easy to do in Google where only members of the group can see it

But in AD, the defaults must be changed

-the connectors (Google or AD connector) must have additional info on the category of group

need to set properties in the target system based on the category type

now have 6-7 categories such as

 -projectOpen and projectPrivate

-who can view

-who can post

-can the group include members from outside Brown?

-which targets to we auto-replicate it to?

End up with a big matrix and need to figure out how to implement each item in the matrix

need to create groups in AD w different properties

For some groups, when you create a property, this has an impact in Grouper (visible vs not visible in Grouper)

Brown is currently using attributes and is planning to start writing custom code

Other campuses have some of these issues too

Hope to have capabilities to address this in future Grouper release

"Create Group" action in Grouper should have a way to specify the category

This category is different from most of the other attributes (specifying thing list LastUpdateTime  etc))

This category is more like a controlling property

Maybe it should not  be done with “Create Group”, maybe an “Assign Category” feature

Then it would be necessary to follow a workflow that includes assign category

Another issue: Group name is path plus name, but that’s not the case w AD, so group name must be unique in entire domain

Chicago is putting group names in AD

DaveL: would be good to set one flag and have the system take care of the rest

Q: How many categories would be needed?

A: StevenC: fewer than 12

Brown is looking at door access control w Grouper groups

Duke is doing this

Brown looking at a rules model

DaveL : SCIM may need to have added the concept an attribute on a group

issue of separation of duties between message sender and the target?

[AI] (DaveL) record ideas about handling categories based on the Feb. 11, 2015 Grouper call discussion on the Post PSP Provisioning page

U. Colorado - also interested in AD

deploying Grouper for distribution list, resource, exchange

want to have an extra group created for include/exclude

ACL group that’s automatically created in Grouper

U Colorado posted that on the Grouper list

https://lists.internet2.edu/sympa/arc/grouper-dev/2015-02/msg00003.html

Topic for Next Call

 message formats  

Next Grouper-Dev Call: Wed. Feb. 25, 2015 

 

  • No labels