Child pages
  • Grouper Call 16-Sept-2010
Skip to end of metadata
Go to start of metadata

Grouper Call 16-Sep-2010


Tom Barton, U. Chicago, (chair)
Chris Hyzer, U. Penn
Shilen Patel, Duke
Rob Hebron, Cardiff
Tom Zeller, U. Memphis
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)

New Action Items

AI (Rob) will send a proposed Grouper documentation outline to the Grouper-users list.
AI (TomB) will explore new international participation for work on the Grouper UI.
AI (TomZ) will continue to look at SMPL / SAML / Java solutions

Carry Over Action Items
AI (Rob) will look at issues relating to testing the ESB Connector and contact Chris about moving the ESB work to the web services project.


Shibbolizing Grouper

Chris will ping Nate again about issues involved in Shibbolizing Grouper.

uPortal Grouper Integration

Chris and Jen have been collaborating on uPortal Grouper integration. Issues needing to be addressed are:

  • When in a development environment and adding uPortal subjects to groups, Grouper does not know about those groups. Chris plans to fix this with a subject source that looks at uPortal's built in users.
  • uPortal needs to know about the groups before it can use them. There is a question of how U. Chicago handled this. Jen will inquire about that.

Rule Management

Chris did not receive feedback yet on his 11-Sept email to the MACE-paccman list about Grouper Rules. The lack of response could mean that people haven't focused on this topic yet, and we should take that into account as we weigh investing additional time and effort.

Chris suggested that it's possible to think of rules as user-friendly hooks. Looked at this way, there are many use cases. Chris stated that rules are essentially attributes on objects. Currently rules can be added using GSH or Web services. The plan is to add an attribute UI in the future.


Concerning the UI, TomB encouraged the group to view the movies of the UI work done by GIP RECIA.

TomB noted that GIP RECIA designed the UI with enhancement and extensibility in mind. That UI has garnered attention in Europe and will be discussed at the TERENA meeting in Copenhagen in September.

Ldappcng, Changelog, Attributes & Permissions

TomZ reported on LDAPPC-ng status. It does not poll from the change log yet. If permissions are treated as attribute values, LDAPPC-NG can handle them. Otherwise there is work to be done, another layer. There is an open Issue of how to express permissions in LDAP. Currently, we need to take the non-flat permission object and flatten it out to represent it in a target system such as LDAP. Should SPML packets or other mechanisms be used?

OASIS Provisioning Services Technical Committee

TomZ has participated on recent calls of the OASIS Provisioning Services TC.

There is discussion on how to improve SPML in version 2.1 or 2.3. Oracle and another private company are two major players. There is an interest in the MACE-paccman use cases.

TomZ has also joined the OASIS Security Services (SAML) TC

This group has been working on a draft spec to change the notify schema in SAML. SAML could represent an alternative to an SPML approach to provisioning.

Grouper Documentation

There is much info on the Grouper Wiki, but organization is a problem, and it can be hard to find answers. AnnKW has been working with community members to improve Grouper documentation.

Rob has volunteered to develop a draft outline - using a structured layout — for enhanced documentation. He will email it to the group for review and feedback when it's ready.
AI (Rob) will send a proposed Grouper documentation outline to the Grouper-users list.

Strategies and Next Steps for Grouper

TomB stated that work on the Grouper UI and Provisioning are key areas.

 - Grouper UI

How many UIs should be provided? Currently there is the Admin UI and the Lite UI, as well as many excellent UIs developed by community members.

The existing Admin UI focuses on Grouper 1.4 and prior capabilities. It addresses user audit , but not attributes, permissions, and roles. The lite UI has some of the same gaps

It was noted that a problem with adopting the GIP RECIA UI, is that it does not handle tasks that the Grouper Admin UI handles.

For an attributes and permissions UI, we could, use an approach similar to the lite UI. If end users need to be able to create an attribute, then we'd need create, edit and delete screens. Maybe over time we should migrate capabilities from admin UI to the lite UI. Longer term, people want an AJAX oriented UI.

Rob suggested having one UI that presents different capabilities to administrators versus other users.

Perhaps have one web app with multiple UIs? A single architecture would be helpful.
It would be good if adopting organizations could adapt a provided UI rather than write their own from scratch.

Chris has been the only Grouper developer working on the Ajax-oriented UI so far. It would be good to start to share that development work. TomB will explore involving international partners.
AI (TomB) will explore new international participation for work on the Grouper UI.

- Provisioning

Issues related to provisioning:

  • Should Grouper look at additional SPML provisioning targets in addition to LDAP?
  • Should Grouper be a provisioning target? That could play a role in federated Grouper.
  • What about provisioning Grouper groups into Google? Will there be a Grouper to Google connector?

TomZ hopes to talk with U. Washington and University of W. Florida folks (who presented at ACAMP in Raleigh) about Google Groups.

TomZ stated that for supporting new target types, an issue is availability of a decent SPML to Java library. TomZ has consulted with Chad about this. Chad suggested to look at open SAML and XML tooling projects that are part of Shibboleth 2.

AI (TomZ) will continue to look at SMPL / SAML / Java solutions

Note: Add to the agenda for a future call : Discuss a stem set table to reflect the structural relationships among stems.

Next Meeting: Wed. Sep 29 at noon ET

  • No labels