Minutes: Grouper-dev call of April 9, 2014
Chris Hyzer, University of Pennsylvania (stand-In chair)
Jim Fox, University of Washington
Shilen Patel, Duke University
Dave Langenberg, University of Chicago
Vivek Sachdeva, UCLA
Emily Eisbruch, Internet2, scribe
New Action item
AI (Jim) make the University of Washington group events AD updating code available on GitHub and document its availability on the Community Contributions page.https://spaces.internet2.edu/display/Grouper/University+of+Washington+Grouper+Project+Page
and in table at bottom of this page:https://spaces.internet2.edu/display/Grouper/Community+Contributions
Carry Over Action items
[AI] (Shilen) investigate ways to get new attribtues in a single step
[AI] (Shilen) do performance testing prior to the Grouper 2.2 release
[AI) (DaveL) look at PSP ChangeLogDataConnector Inconsistency issuehttps://lists.internet2.edu/sympa/arc/grouper-users/2014-02/msg00047.html
[AI] (DaveL) write up the doc related to the Shib Grouper question.https://lists.internet2.edu/sympa/arc/grouper-users/2014-02/msg00004.html
[AI] (DaveL) work on the PSP aspect of GRP 914.
University of Washington Contribution of AD Code
Jim stated that U. Washington has a possible code contribution. The code takes group events and updates AD. The AD has been modified to provide group membership viewer controls. This code would need to be modified to be used outside of University of Washington.
AI Jim will make the University of Washington group events AD updating code available on GITHUB and document its availability on the Community Contributions page.
Loose ends and discussions on the Grouper-Users List
Scott Koranda raised some questions on the use of the SQL loader. Scott later told Chris that he had figured out an approach to this issue and will document this on the wiki.
Global read-only role in API
-Chris noted that University of Pennsylvania needs a global read-only role in the API for web services.
-The admin working on a course provisioning application needs to be able to pick a group in Grouper and not worry about going to Grouper to assign the read privileges to the service principals.
-Jim: At U. Washington we have set up Global read-only roles for a few trusted clients
-Everyone understands that some admins have global permissions
-Chris would like to make that enhancement to the Grouper API
There was a recent discussion with CMU? Re Multi-assignable attributes and the API.
For a multi-assignable attribute, if you call assign it will over-write the last assignment, if you call add it will add
-That is a confusing issue about the API, would be good to clarify if possible
0 after web service issue was discussed on the list.
-Could that be an undefined variable or could it be chunking?
Legacy import/export https://spaces.internet2.edu/display/Grouper/Import-Export
-Shilen got this feature to work with Grouper 2.2
Invitation errors for External person invites was discussed on the list
Chris has created a JIRA for this:https://bugs.internet2.edu/jira/browse/GRP-959?jql=project%20%3D%20GRP
There has been discussion that we should get Gropuer working on Tomcat 7
The new servlet JSP spec is not backwards compatible.
Chris noted that this transition to Tomcat 7 will be easier in a future version of Grouper ( Grouper 2.3?) when the older UIs no longer must be actively supported
GroupID/FolderID - Default to foldername
Chris has completed this feature, which was suggested by CMU:https://bugs.internet2.edu/jira/browse/GRP-962?jql=project%20%3D%20GRP
Testing the Grouper 2.2 UI
Chris emailed the Grouper-users list about testing the new UI.
About a dozen new users have registered.
Chris set up a wiki so people can log their experiencehttps://spaces.internet2.edu/display/Grouper/Grouper+UI+v2.2+testing
Michael Girgis, U. Chicago, has registered for the demo server.
It will be great to get Michael's feedback to see if Chris implemented the UI design as he had envisioned.
Grouper 2.2 Release
Chris reported that he has completed the list of tasks for the new Grouper UI:https://spaces.internet2.edu/display/Grouper/Grouper+UI+v2.2+tasks
Chris is now waiting for feedback on the UI from the various testers and working on CRSF protection
SCIM Grouper Integration
DaveL is ready to turn over his work to Bas at SURFnet for evaluation.
Grouper SCIM integration will be an experimental feature in the Grouper 2.2 releasee
Legacy Attribute Migration
Shilen noted that for Grouper 2.2, the built in attributes are migrated to legacy attributes.
The name says "legacy" attributes but they are legacy and "built in" attributes.
However, the folder name is configurable; the word "Legacy" could be configured to say something else.
UCLA Use Case
Vivek shared a use case from UCLA
They have a group (committee) with multiple people managing that committee.
Assume Bob adds members 1,2 and 3 and Joe adds members 4, 5 and 6
Requirement that Joe should not be able to delete any members added by Bob
-Have Bob add a group for which Bob has update privileges but Joe does not
-Have Joe add a group for which Joe has update privileges but Bob does not
Then use composite group so the effective members of the group would be Bob's group plus Joe's group.
Another approach: it's feasible to use an attribute to represent who added a membership.
Then have the front-end application read the attribute and be sure person who deletes a membership is the one who added that membership.
Using Many Permissions
Vivek: we are adding a case management system, we need lots of permissions.
Use case is: faculty member goes to review process for promotion
This goes to the Dept. to the Dean, etc. with lots of roles and different permissions for those roles
Question: What's your opinon on adding 300 or more permissions?
Answer: This should be fine. Shilen has done performance testing adding a large number or permissions and it has worked. Also Penn has loaded a Grouper registry with 10K or 100K permissions assignments and done API calls and it has performed fine.
Chris suggested to make a loop with GSH and create permissions and do stress testing.
Vivek plans to do that.
Next Grouper-Dev Call: Wed. April 23, 2014 at noon ET