Child pages
  • Grouper Call 13-July-2016
Skip to end of metadata
Go to start of metadata

 

 

Grouper Call Wed. July  13, 2016

Note: this call was devoted to discussion of the NYU use case.


Attending:

Chris Hyzer, U  Penn, Chair

Nick Roy, InCommon

Mike Zawacki - Internet2 

Michael Hodges, U of Hawaii

Gary Chapman, NYU

Julio Macavilca, NYU

Shilen Patel, Duke

Jon Miner, U Wisc

James Babb, U Wis 

Bill Thompson, Lafayette College

Jim Fox, University of Washington

Gail Dunmire, PSU

Kumi Hagimoto, Oregon State University

Emily Eisbruch, Internet2


Discussion

  • Welcome to Gary Chapman, NYU

  • Welcome to members of the TIER-API and TIER-Registries Working Groups


NYU materials:

Project summary: 

https://drive.google.com/file/d/0B15g56CxPnnvQnR6b0JpNnhCc00/view?usp=sharing

Screenshots: 

https://drive.google.com/file/d/0B15g56CxPnnvVUhfVlVNcmxlRXc/view?usp=sharing 


  • NYU is developing a full fledged IAM service at NYU and leveraging Grouper

  • NYU has been using Grouper for several years

  • Decided to move to the next steps regarding groups management service

  • Plan to publicize to application partners throughout NYU that we have a defined process for groups (like SSO is publicized)

  • Hope to have groups management for an increasing number of services

  • This enhanced group strategy fits well with applications being developed at NYU. such as new portal system

  • Encountered issue with Google Apps

    • Had allowed people to create groups

    • Had 10,000 - 20,000 user created groups

    • Issue with people creating a group with all NYU community members

    • So use of Google Groups was then restricted to admins, not self service anymore

  • Plan is to create a UI that is as simple as possible for end-users

  • Users will designate which applications the groups will be visible to

  • Google groups will be key

  • If that is successful, the assumption is that the mechanism will take off and be used more broadly

  • Pulling data from Grouper or LDAP

  • Provisioning and deprovisioning mechanisms will be part of this app being designed

  • Grouper UI will be key tool for admin use

  • There will most likely be a “people picker” via people search, elastisearch, portal, flexible, fast

  • Most likely a Java application using Grouper web services

  • Hope to contribute this work to the community



  • U. Washington has a front end to Grouper developed in Spring

  • Chris suggests, start w Grouper web services  or the client

  • Bill T , Lafayette,  notes there is also the Duke?? toolkit

  • There is much demand for Self service group management, connecting groups to optional applications

  • New Grouper UI has helped

  • Some connecting glue is still missing

  • And connecting to applications (doing service provisioning) in a consistent way

  • Bill hopes that eventually the Grouper project , in context of TIER, will tackle this need directly

  • Chris: one of the gaps is the service tag feature and the relationship to provisioning

  • JonM: Would be nice to solve this need for institutions that cannot create their own custom screens for self-service group management , etc


  • JonM: Ability to skin the Grouper UI would be helpful

  • JonM: Strong connection between an institution’s IDM approach and how they want self service Grouper to work

  • Jim: a common API will be key

  • NYU will provide an update on their progress

  • Ideally NYU code will be shared on GitHub to help the community



NYU Screenshots:

https://drive.google.com/file/d/0B15g56CxPnnvVUhfVlVNcmxlRXc/view?usp=sharing 

  • Deprovsioning strategy
    (Please elaborate more on the deprovisioning ?)

  • Some form of notification for approaching end of life

  • Workflow process

  • NYU uses ServiceNow


  • Chris : Grouper roadmap has plan to implement expire dates for Groups themselves

  • There are currently expire dates on privileges and memberships but not on groups"

  • Should some groups have more than one owner/manager?

  • Advice from UWisc - need to be able to manage which groups are shown for a person. Don’t want people to have to see 5 pages of groups when they sign in

  • Issue of opt-in and opt-out for groups has been discussed at U-Wisc

  • Create Group - goal is to have this be as simple as possible

  • Collaboration is the endgame

  • When creating a group, there may be a field for “Collaboration Space” as shown on screenshot, this won’t be in release one, but could be useful in long run. Collaboration space might be a folder to start

  • Q: does group manager need to be a group member?

  • A: maybe not

  • Request for Grouper project to enhance Grouper so a tab can be added to extend the UI

  • Goal is to associate applications

  • Chris: there is complexity of such a tab in connection w provisioning


NYU will keep info flowing on the Grouper-users list about their project.


Advice from Chris: focus on using web services


TIER at Tech Ex -

Please sign up here for the TIER Working Group Members and Developers meeting, Thursday Sept 29, noon -3pm.

 


 

  • No labels