Draft Minutes, Grouper Call 18-July-2012
Tom Barton, U. Chicago (Chair)
Michael Girgis, U. Chicago
Lynn Garrison, PSU
Chris Hyzer, Penn
Shilen Patel, Duke
Jim Fox, University of Washington
Jeff McCullough, U.C. Berkeley
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)
Carry Over Action Items:
[AI] (Chris) upgrade the Grouper demo to the latest Grouper version 2.1
[AI] (Michael) will look into conducting user interviews
[AI] (TomZ) add info to the wiki regarding doing testing on provisioning
[AI] (TomZ) will put test data in the Grouper demo to show using an LDAP source.
[AI] (TomZ) will review the Grouper LDAP Loader doc and provide feedback to Chris, possibly with lessons learned from LDAPPC work.https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP
[AI] (Emily) Initiate an overall Grouper Features table with brief descriptions and links to documentation
Warm memories were shared at the start of this call of MACE Chair RL Bob Morgan, who died on July 12. See this link for a place to record and read memories:https://spaces.internet2.edu/display/rlbob/Home
Next steps for Grouper project
Thanks to those who have updated the Grouper roadmaphttps://spaces.internet2.edu/pages/viewpage.action?pageId=14517754
- Internet2 Net+ Services is bringing some new focus areas to the community
- It will be interesting to explore use of Grouper for Net+ services in the cloud
- Use of groups with cloud services have emerged as an important topic at recent CSG meetings
- There could be issues of security in storing IdM info in the cloud
- It’s possible that in the future the Grouper project could bifurcate into 2 parts:
1) provisioning and integration capabilities
2) access management
- Should the Provisioning Service Provider (PSP) be Grouper's PSP or should it have its own stand-alone identity?
- Should we expand the range of Grouper’s partnerships to the commercial world?
- Bob Brammer, a consultant working with Internet2 around industry partners, and Tom Barton have had discussions around this.
-The Grouper team is certainly open to helping those overtures to happen
- Chris and Bill Thompson, Unicon, recently heard a talk from a cloud-based IdM vendor http://www.stormpath.com/ and it seemed there could potentially be some synergies with Grouper.
- Interesting to explore integration with VOOT https://github.com/andreassolberg/voot/wiki/Protocol
- The CIFER project, depending on how it moves along, could also have an impact on Grouper's priorities and roadmap. http://ciferproject.org/
Number of Grouper Deployments
- It is challenging to track how many sites have deployed Grouper, but knowing this can help garner support and sustain our efforts
- Survey from 2011 showed approx. 40 production deployments and 60 more in pipelinehttp://www.internet2.edu/grouper/docs/GrouperSurveySummary_Aug_2011_FINAL.pdf
- It was noted that surveys often undercount
- There are access logs of downloads on the web server, but it is challenging to track Grouper downloads from these logs (logs are rolled every day, and there are lots of individual files to tackle)
- Does it make sense to use a “ phone home” (with opt out option) within Grouper ?
- Could imply policy and technical issues
- Use a registration process? (fewer technical and policy issues than the phone home approach)
- It was noted that the Shibboleth project does not keep track of how many Shib installs there are
- Jeff noted that UC Berkeley has a keen interest in the upcoming Grouper UI changes
- Want to evaluate how the Grouper UI plans match up to the needs at UC Berkeley
- A possibly pathway is that the team from UC Berkeley will develop their own Grouper UI
- More discussion of UI on a future call
-Grouper 2.1.1 was released on July 8, 2012
-PSU reported an issue around access to an XML file
-changing the port addressed the problem.
-Chris: this seems like inconsistent behavior, could there be something else unaccounted for?
-Chris opened JIRA 819 to look into this:
Chris reported he is wrapping up some batch attribute assignments
work on Grouper for the COmanage project
Error Affecting Provisioning to AD
- There was a critical error affecting provisioning to Active Directory
- until this is fixed, the link to PSP on download page is disabled
Chris added text to explain this on the download page.http://www.internet2.edu/grouper/software.html
Next Grouper-Dev Call: Wed. 1-Aug. 2012 at noon ET