Minutes: Grouper-dev Call 14-Sept-2011
Tom Barton, University of Chicago (chair)
Shilen Patel, Duke
Gary Brown, Bristol
Lynn Garrision, PSU
Chris Hyzer, U. Penn
Tom Zeller, Unicon
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)
New Action Items
[AI] (Shilen) will talk with Jean Marie re uPortal Integration
[AI] TomZ will update JIRA to reflect the priorities
Carry Over Action Items
[AI] (Gary) will email the Grouper-Dev list with specifics on UI accessibility issues
[AI] (Chris) will investigate putting the OpenConext Teams UI on the Grouper demo site.
[AI] (Rob) will follow up with Danno on obtaining the server for the Continuous Integration Environment.
[AI] (Everyone) review Rob's chapters and give him feedback on the Grouper Users List.
- TomB and Chris are prepared for the IAM online webinar titled "Get Schooled on the new Grouper 2.0" in the afternoon of Sept.14http://www.incommon.org/iamonline/
- Thanks to all for the excellent work on the Grouper 2.0 release. The documentation review process went quite well
- TomB noted that KeithH may be interested in working on Rob's "Getting Started with Grouper" book. This would be a great help.
Scoping Grouper v2.1 (and beyond)
Possible items to work on for Grouper 2.1 and beyond
. packaging VT-LDAP in default jndi connector --
. internationalization tweaks? -- Chris reported that progress was made on this and he has not heard back of any further problems.
. Subject API enhancement -- can subject web services securely release attributes based on permissions?
. include sample attributes and permissions definitions for qs database -- it is easier to opt in if there is some infrastructure/samples/framework in place
- representing schemas as subjects
- allow group type be allowed to be an entity with no membershttps://lists.internet2.edu/sympa/arc/grouper-dev/2011-08/msg00016.html
-- upgrade hibernate or other 3rd party libraries?
. Reflecting LDAP and AD into Grouper via Loader? Via Ldappcng? (it was noted that this is an ongoing sink, not a load)
- Chris suggests using Grouper Loader since people are familiar with it
. Ldappcng enhanced design for real time & incremental
- uPortal / Grouper Integration: Shilen will get in touch with Jean-Marie in France.
Discuss at Grouper WG in Raleigh. Ask what the community's priorities are.
Timing for Grouper 2.1 release: Try to keep Grouper 2.1 slim and release in October or November.
Redoing the UI for Grouper 2.2 is a large task. Chris may start to focus on that soon. Shilen may also get involved.
Another project for Chris and Shilen is increasing the number of web services (for attribute framework and permissions to create resources)
There may be some new Grouper requirements/directions coming out of OSidM4HE discussions.
There is interest in replacing paper-based workflows that give people up w access to administrative systems.
It was noted that Kuali EDocLite can be helpful in this regard.
Privileges and Permissions
Historically, privileges are used in Grouper to describe subjects' actions. Recently more advanced permissions capabilities were added.
Should we re-implement Grouper privs using Grouper permissions? Should we reimplement the Grouper security infrastructure using our permission and roles approach?
Advantage: could facilitate inheritance of Grouper permissions down the folder hierarchy
- there are issues with joining tables to handle queries.
- So we'd have to provision permissions into something flatter to optimize performance
- There are also issues with handling attributes
- Could be a lot of work for not a lot of gain.
However, legacy issues can eventually represent an impediment to progress.
Next Grouper call: Wed. Sept 28 at noon ET.