Child pages
  • Grouper call 19-Jan-2011
Skip to end of metadata
Go to start of metadata

Grouper Call 19-Jan-2011

Attending

Tom Barton, U. Chicago, Chair

Chris Hyzer, U. Penn
Rob Hebron, Independent
Gary Brown, Bristol

Lynn Garrison, Penn State
Shilen Patel, Duke

Tom Zeller, U. Memphis 

Steve Olshansky, Internet2

Emily Eisbruch, Internet2 (scribe)

New Action Items

[AI] (Chris) will email Jen about the caching approach for Grouper uPortal integration.

[AI] (Rob) will email TomB about disk space requirements for the Grouper VM.

Carry Over Action Items

[AI] (AnnKW) will move the appropriate development pages in the wiki to project pages in the wiki. In progress, Ann developing a proposal for longer term.
[AI] (AnnKW) will look at queries of the Grouper wiki to be sure there are no outdated pages.  
[AI] (TomZ) will report on timing for Grouper demo work.
[AI] (TomZ) will create a wiki page enumerating activities related to connectors. On hold
[AI] (TomZ) will work with Chad in the process of proposing a Working Group to focus on provisioning. On hold
[AI] (TomZ and Chris) will discuss/work on LDAP Grouper Loader for importing groups. JIRA 442
[AI] (Everyone) review Rob's chapters and give him feedback on the Grouper Users List.https://spaces.internet2.edu/display/GrouperWG/GrouperBook
[AI] (TomB) will explore new international participation for work on the Grouper

Reminder:   Agendize Grouper UI strategy for after the release of Grouper 2.0.

Reminder: Next call, discuss Ldappc and packaging

Discussion

uPortal Grouper Connector

https://spaces.internet2.edu/display/Grouper/Grouper+uPortal+integration
Chris reported on the uPortal connector. It will be similar to the Attlassian connector or the Kuali Rice connector.
One issue is handling downtime and caching. The Atlassian connector is built so that downtime in web services won't cause downtime in Atlassian.

However, uPortal folks do not want to put all uPortal groups in one Grouper folder; uPortal folks want more random access to groups.

One approach to take is to put a type on a uPortal group. Then when uPortal does caching, it will get all groups with that type. This way if Grouper is down, those groups will still be available.

Q: How does cache refresh work?

A: Chron process in background keeps refreshing the cache. (Can use XMPP messaging for the cache refresh or can set a certain time interval to refresh the cache.)  

[AI] (Chris) will email Jen about the caching approach for Grouper uPortal integration.

ESCO Grouper UI

ESCO-Grouper UI v2.6 was recently shared on the Grouper-dev list.

https://lists.internet2.edu/sympa/arc/grouper-dev/2011-01/msg00019.html

U. Chicago installed it locally in a test database with CAS. TomB's observations:
1.    it is a very pleasant UI, quite intuitive
2. Speed/performance is an issue, most likely addressable

Chris noted that UI connected to web services takes a performance hit. Don't know it that is a factor here.

Q: Big question : What we should be doing as far as a Grouper UI?

A: For Grouper 2.0, we will add more attribute and permission features to the Grouper Lite UI. Then reconsider the question after Grouper 2.0

Chris: What about dynamic LDAP approach? Where in a UI you can define a group and use filters? TomB noted there is work at U. Chicago, where some info maintained in LDAP directrory instead of all in a person registry. Process, like the loader, maintains persistent connection to LDAP server, and gets real time updates of changes to memberships to groups and these get reflected into Grouper group memberships.

Q: Lynn, how does this connect with what’s going on at Penn State?

A: Lynn: We have groups in LDAP, do not have an API interface into that. Need something easier than the  current Grouper Admin UI. Will be looking at  the Grouper Lite UI. Penn State is looking at Grouper re access management needs.  A big user of the UI would be for user-managed groups (including groups for clubs) that anyone on campus can create to access various resources. Course groups and standing groups are also part of the group environment at Penn State.

TomB: The Northern Ariz University UI could be interesting to Penn State.

https://spaces.internet2.edu/display/Grouper/Northern+Arizona+University+Grouper+Page

Q: What about audit for groups at Penn State ?

A: Lynn: yes that is important too.

Point in Time Web Services

https://spaces.internet2.edu/display/Grouper/Grouper+Web+Services+for+developers

Shilen reported that adding point in time capabilities to getMembers is done. Now he will work on point in time for hasMembers and getGroups.( Later, privileges and permissions. ) Now that getMembers is done, the rest will be easier.

High Availability Web Services

U. Penn plans to have the database sync to a read-only database off site. There will be an app server that runs web services in read only mode. Then in the client, there will be a choice of read-only or regular. If there is an error, the other will be used. Automatic fail-over. Also looking at DNS load balancing, looking at a software as a service vendor to provide this  service.

This U. Penn approach could be a generic solution -- getting a database to replicate in read-only mode someplace else.  U. Washington is looking at another approach (involving always-available LDAP)  that may be more institution specific.

Rob noted that Cardiff uses balanced requests to LDAP, using a free open source program that listens.  For web services, Cardiff looks at using NetScalers (switchers), but additional hardware is required. But for a generalized approach, controlling DNS seems reasonable.

Q: TomB: Are there issues w locking  and racing?

A: Sticky load balancing seems best, for caching.

Grouper V 2.0 Planning

Chris will make a Grouper 1.7 branch (for internal use) that’s not announced or built. This is to deploy the external people registration feature at U Penn.

Chris sent an email on the Grouper Group Sync work. Could be useful for Grids or for larger VOs. https://lists.internet2.edu/sympa/arc/grouper-dev/2011-01/msg00026.html

Grouper VM

There are some potential space issues with hosting the Grouper Demo VM in the Internet2 servers.

[AI] (Rob) will email TomB about disk space requirements for the Grouper VM.

Assuming the hosting issue is solved, we need to decide on packaging.  Rob suggests a live CD and also a down-loadable demo with documentation. Ideally this would come out of the build process. Rob is working on notes for this.

For Next Call: Discuss Ldappc and packaging.

Next Call: Wed., 2-Feb-2011

  • No labels