Child pages
  • Grouper Call 28-Mar-2012
Skip to end of metadata
Go to start of metadata

 Minutes, Grouper Call 28-March-201


Tom Barton, University of Chicago (chair)   
Steven Carmody, Brown
Chris Hyzer, University of Pennsylvania  
Shilen Patel, Duke  
Lynn Garrison, PSU
Jim Fox, U. Washington
Tom Zeller, Unicon
Steve Olshansky, Internet2  
Emily Eisbruch, Internet2, scribe

New Action Items

[AI] (All) send Chris their input / comments on Organizing Grouper Services

[AI] (Emily) update Grouper documentation, including Grouper Installer page and WS page, based on suggestions from Lynn.

[AI] (TomB) will initiate a requirements table in the Grouper UI wiki  page (DONE)

Carry Over Action Items

[AI] (TomB and Emily) will meet to outline a plan for getting community input to the new Grouper UI.

[AI] (Mike) will review and contribute to the Grouper UI Planning wiki page

[AI] (Shilen) will review and contribute to the Grouper UI Planning wiki page

 [AI] (TomZ) will put test data in the Grouper demo to show using an LDAP source.

[AI] (TomZ) will review the Grouper LDAP Loader doc and provide feedback to Chris, possibly with lessons learned from LDAPPC work.

[AI] (Rob) will follow up with Danno on obtaining the server for the Continuous Integration Environment.  

[AI] (Everyone) review Rob's chapters and give him feedback on the Grouper Users List.


Feedback on Grouper 2.1

Grouper and Shib in Grouper 2.1

ScottK asked on the Grouper-Users list about  protecting Grouper UIs with Shib in Grouper 2.1

Q:  Can the web.xml that we ship be set up so that by default  there's no need for an implementer to make a change to get Shib protection?

A: By default, the web.xml is set to work with the Tomcat users file. This is good for demonstration, and it's needed for the Grouper Installer to work.

StevenC: The Grouper Installer is a big help and it relies on Tomcat. So we need to preserve the Tomcat dependency as set in the web.xml file

Suggestion that we enhance the documentation about converting the basic install to a production-worthy install, and there include the information about using Shib.

Other Doc. Improvement Suggestions

Lynn: It would be good to have better documentation on how to "lock Grouper down" for production ready. Things are easy with the Grouper Installer and the plug and play using Tomcat. *** But steps to get Grouper ready for production need better explanation.  The steps to make Grouper production worthy  are in the different guides, such as in the Web Services and UI wiki pages.

Lynn noted that Chris was very helpful in her recent work to get the PSU deployment production ready. PSU had problems w load balancer, Chris helped

*** Doc. could be improved regarding load balancer

*** Failover for web services is not yet in WS Guide

*** Add a link to the U Penn Productionalization page (though mention that this is in ant and long-term direction is Maven)
(NOTE: this is done, see link from )

[AI] (Emily) update Grouper documentation, including Grouper Installer page and WS page, based on suggestions from Lynn.

Root Session Issue in Grouper 2.1

Another issue ScottK found related to the root session in Grouper Shell

This led to Jira 766, ( It should be easy to create a non root session without bootstrapping with a root session)

Chris also updated the Grouper Shell documentation and the upgrade steps section of the release notes

Upper / Lower Case in New LDAP Source Adapter

This affects people who had an LDAP subject source that had capital letters.
As a result of this issue, Chris updated the JAR to defaults to not toLowerCase.
This is documented in the Release Notes, Upgrade Steps.

It was decided this does not warrant a new rev of the release, just make the new jar available.

Planning the Grouper UI

- StevenC mentioned that discussion of the new Grouper UI is a really important topic
There is an upcoming meeting a Brown regarding what Brown must do to provide a UI to various users in various contexts

- Could use the Grouper WG at SMM to get feedback on how people are being asked to manage groups who are not sys admins and are not from Central IT

- Find out why the requirements are for the Grouper UI, want to be sure to address needs of people who are not IT people

- Assumption that we are not going for a monolith UI, that we want different UI versions to target different audiences

- We may want to get some use cases out via email list 7-10 days before the SMM , get people to think about their own environments

- Brown is interested in ability  to drop a widget into existing pages, not sure if that on the radar

TomB: We want early on to gather requirements from the community, need an external perspective

- Have opened up the UI wiki page for requirements gathering, people should enter their requirements into the table:

Grouper WG Session at 2012 SMM

A wiki page has been set up with possible topics:

- How to shine a light on (is there a way to demo?) real time provisioning? TomZ will think about that.

- Mention Grouper Training, getting to get community feedback on Grouper Training (PSU, U-Wisc-Madison have already provided excellent suggestions)

SMM Session on "Access Management and Grouper"

Wed April 25, 4:30-5:30pm in Salon J is on the hook alone

- TomB could present longer version of the 3 intro videos

- Steven is interested In topic of how to replicate roles and permissions into a target system

Meeting with COmanage Team at SMM

HeatherF is  getting the  COmanage team and Grouper team together at SMM for discussion on how Grouper will be leveraged within COmanage.

Organizing Services In Grouper

[AI] (All) send Chris their input / comments on Organizing Grouper Services

- Problem is, for example, you want to add a member to a JIRA role, you see the tree control, don't remember where it is.
- Proposed solution is : the structure of the dashboard of new UI should have a way to pick a service
- So you only see the objects related to that service, based on attribute assignments
- This is way of  tagging things, where tags would be attributes and could have a namespaces

Next Grouper Call: Wed. 11-April-2012 at noon ET

  • No labels