Child pages
  • Grouper Call 2-Feb-2011
Skip to end of metadata
Go to start of metadata

Grouper Call 2-Feb-2011

Attending

Tom Barton, U. Chicago, Chair
Chris Hyzer, U. Penn
Jim Fox, U. Washington
Rob Hebron, Independent
Gary Brown, Bristol
Shilen Patel, Duke
Tom Zeller, U. Memphis
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)

New Action Items

[AI] (Rob and TomZ) will chat about Ant and Maven

[AI] (Rob) will develop down a list of developer issues related to Maven

[AI] (Chris) will create a wiki page about restricting subjects by folderhttps://spaces.internet2.edu/display/Grouper/Grouper+rules+use+case+-+Veto+if+not+eligible+by+folder

[AI] (Tom) will get feedback from Rachana

Carry Over Action Items

[AI] (SteveO) will move the appropriate development pages in the wiki to project pages in the wiki.
[AI] (SteveO) will look at queries of the Grouper wiki to be sure there are no outdated pages.
[AI] (TomZ) will report on timing for Grouper demo work.
[AI] (TomZ) will create a wiki page enumerating activities related to connectors. On hold
[AI] (TomZ) will work with Chad in the process of proposing a Working Group to focus on provisioning. On hold
[AI] (TomZ and Chris) will discuss/work on LDAP Grouper Loader for importing groups. JIRA 442
[AI] (Everyone) review Rob's chapters and give him feedback on the Grouper Users List.https://spaces.internet2.edu/display/GrouperWG/GrouperBook
[AI] (TomB) will explore new international participation for work on the Grouper UI

Reminder: Agendize Grouper UI strategy for after the release of Grouper 2.0.
Reminder: Next call: Review Jira

Discussion

Misc.

  • SteveO is taking over the job of identifying and correcting problems with the Grouper wiki.
  • TomB has requested a VM for Rob's demo from the Internet2 Technical Support Group.

LDAPPC Packaging and Testing

Questions:

  • What goes into what tarballs for the demo and for the package, for everything we make available for release?
  • Which LDAP server should be in there?
  • Is the test harness accurately testing LDAPPC capabilities in the overall package?

TomZ starting writing the standalone server for the demo. He ran into bugs in Apache Directory Server version 1.5.7. He plans to go back and use Apache 1.5.5.

TomZ plans to provide different example configurations in different folders, possibly the same configurations that we use for testing.

More on the Demo Server

  • We provide a preconfigured version of Apache as part of the demo.
  • How do users verify that things are showing up in LDAP as they expected?
  • Chris had passed around the PHP-based LDAP UI . We could bundle that with the demo. Or people could use their own tools.
  • Should we provide an endpoint for people doing testing on the demo server? TomB expressed concern about providing an open port on the demo server.
  • If we provide the view, we can control things better.
  • If we use the PHP approach, we have a chance to protect access to it.
  • What about the issue of how to remove data that users add? Does each person who goes into the demo get their own stem?
  • Chris does not think there will be too much data. We can grant people access to stems as appropriate. People who register themselves will not get access to stems
  • Demo site could be a place (like a sandbox) where people can try things out to see if Grouper can solve their problems.
  • PHP is read only. We'd protect it with Shib. Then we can tell people the password, since access is allowed only w Shib.
  • We should create a group of people allowed to use the Demo and sync that w Apache.
  • JimF: There is a small risk that people can use the demo site as a production site.
  • Q: How does self-registration work?
  • A: You get entered as an external subject, get put into the UI users group and get privileges to access the test stems. But to get access to web services, you need to request and account.
  • Chris gets an email when someone registers
  • Should Grouper-Dev folks get an email report when people add themselves to the demo?
  • SteveO will create a Grouper-Core mailing list to get these notifications
  • Should demo be more widely publicized? Maybe after the PHP element has been added.

Circular Reference Issue

Chris: Currently in Grouper 1.7 and Grouper trunked 2.0 there is a circular reference between Grouper and Grouper client. Maven can't deal w that
Solution: create another project called "Grouper client test "

Maven and Ant

  • TomZ is overlaying Maven on top of ANT. Must get both to work at same time. Not a good long term strategy.
  • Rob, in his work, is moving everything to Maven. and this makes the build process more transparent.
  • Shib moved to Maven and they are happy w it.
  • Grouper has a big Ant script that does a lot.
  • Chris suggests it would be nice NOT to move the directory structures around so it's easy to find history
  • Maven likes directories named differently
  • TomZ: I got Maven to build Grouper but there are issues w 3rd party jars.
  • One important change we need to make to use Maven: Need to handle 3rd party jars differently
  • You can call Ant Tasks from within Maven
  • There are Maven ways of handling things when there is a relationship between projects at the same level – using a Parent POM.
  • We’d need to do that, the way Shib is doing for Vers. 3

[AI] (Rob and TomZ) will chat about Ant and Maven

[AI] (Rob) will develop down a list of developer issues related to Maven

Restricting Subjects by Folder / Veto if not Eligible

https://lists.internet2.edu/sympa/arc/grouper-dev/2011-01/msg00027.html

  • Chris proposes that for each folder, you can attach a rule that says – either overall or for a certain source – subjects must come from a certain group.
  • For Grouper 1.7 , inside those folders and subfolders if you try to add a subject to a group that is in the source but not in the group, it will create an error.
  • In Grouper 2.0 with the search string and the members table, maybe in the UI, if you search for members to add to a group or a privilege, it will only show the eligible people.
  • Don't want to affect the time to add a member to any group
    o Could have a flag that says, "not using this feature"
    o Also the rules could be cached. (Rules are a kind of attribute)
  • Later, we could have a change log consumer and remove the user (automatic deprovisioning).

We may need to look at caching strategy overall.

[AI] (Chris) will create a wiki page about restricting subjects by folderhttps://spaces.internet2.edu/display/Grouper/Grouper+rules+use+case+-+Veto+if+not+eligible+by+folder

[AI] When Chris's wiki page is ready, TomB will get feedback from Rachana

Next Call: Wed., 16-Feb-2011

  • No labels