...
Release | Item | Description |
---|---|---|
2.3 | TIER packaging | Discuss with TIER and decide on standard TIER packaging for quick start (VM vs Docker vs Installer) |
2.3 | Revise build environment and dependency retrieval | Revising code environment to get rid of dependencies and the hybrid builds (Maven and ant builds, hard to keep everything in sync). Possible options: Need to figure out versions for each dependency. |
2.3 | upgrade vt-ldap | to ldaptive |
2.3 (tentative, done?) | Improve folder privileges | Change folder privileges so that instead of the STEM privilege, there is an ADMIN privilege on folders. The ADMIN privilege would mean you have all rights to the folder: you can rename it, delete it, change privileges, and effectively exercise every other privilege. The CREATE privilege would be changed to also include creating folders (in addition to groups and attributes). STEM_ATTR_READ and STEM_ATTR_UPDATE would remain the same. Note: so the name doesn't conflict with the group ADMIN privilege, the stem privilege will be called STEM_ADMIN. |
2.3 (tentative) | Improve loader | Add the ability for the loader to run on multiple nodes so it has better availability. Also add the option for unresolvable subjects to not cause loader jobs to fail. Notes: if the source is unavailable, the job should fail and not remove all members; unresolvables should only be allowed up to a certain configurable threshold (that threshold is already implemented for other reasons); and the unresolvable feature should be enabled at a database connection level so some databases can take advantage of it and others don't have to. Allow changes to loader configs to be read without having to bounce the loader. Also allow the loader to have event-based processing, e.g. in a change log table. |
2.3 (tentative, in progress) | Finish the new UI, replace admin and lite UI | Add features into the new Grouper 2.2 UI so that everything from the admin UI and the lite UI can be performed in the new UI. Remove the admin and lite UIs (redirect outdated links). Add user based auditing and overall auditing. Add new features like the ability to easily configure "rules" in the UI. |
2.3 (tentative, in progress) | Add remaining attribute/permission operations to WS | Add ability to manage attribute and permission definitions 100% via the WS. Currently many things can be done via the WS but not all. Currently the gaps can be addressed via the UI/API. |
2.3 (tentative) | Standard authorization API | Define and implement a standard API for authorization. This is a CIFER effort and might be based on SCIM or OAuth2 and might be readonly for 2.3. This would be a web service and might also include messaging. |
2.3 | Successor to the PSP | |
2.3 (tentative) | Improve gsh by adding readline like capabilities (line editing, tab completions, history, etc). Explore incorporating Jline2 into the current beanshell approach or possibly adopting groovysh as the base. | |
2.2.1 | Improve the Grouper installer so that it can leverage config overlays to upgrade a grouper environment (or help give steps to upgrade grouper) | |
2.2 | Grouper has an administrative UI, the Membership Update Web UI, and as of v2.0, additional Web UIs for attribute, role, permission, and user invitation management. Further, several substantial UIs have been created by Grouper users, usually designed to meet needs in a specifically identified context. This roadmap item is aimed at addressing how Grouper should engage, support, or borrow from these efforts to provide UI capabilities that are closer to contextual needs more often than at present. | |
2.2 | Add ability to tag objects in Grouper (via the new attribute framework) so that folders, groups, permissions can be grouped into a "service". The API/UI/WS could filter search results based on the service to make it easier for users to perform tasks in Grouper. See documentation page. | |
2.2 | In order to make Grouper more easily deployable across environments, and more easily upgradable, add ability for cascaded config files, and expression language in config file entries. There can be a default configuration file, and an override file so that only the changes from the default can be tracked in the overlay. See Grouper configuration overlay. | |
2.2 | Provide group, membership, and group management role information via SCIM, in partnership with SURFnet. | |
2.2 | Treat privileges as Group lists | Remove the pluggability of Grouper privileges (Group READ/UPDATE etc), treat them as group lists to improve WS operations, simplify the UI, etc |
2.2 | Built-in support for managing unix GIDs by assigning a numeric ID to each group and folder. | |
2.2 | Migrate from legacy attributes to the new attribute framework in a transparent way. The old API and WS and UI should still work correctly. Plan to migrate lists and hooks as well. | |
2.2 | COmanage integration | Work cooperatively with the COmanage project to integrate Grouper within COmanage. Integer group IDs, WS operation tweaks. |
2.2 | Subject security realms | Different users might have different privacy requirements for the Subject API. Security by realm is implemented in the JDBC2 source adapter. Callers pass in which "realm" the search should take place in, and the source can adjust how the search takes place, what attributes look like, etc. |
2.2 | Grouper user data | Store information about a user in Grouper in a generic way, e.g. recently used objects, favorites, etc. |
On-going | Grouper Core enhancement | Continue adding capabilities to meet requirements from the field. |
On-going | Community contributions | Solicit and publicize community contributions of extensions and complements to Grouper. |
Not yet assigned | Security plugins | Spring security, Shiro, .NET plugins for Grouper WS that might be able to be distributed with the plugin itself. Initial proof-of-concept code available: https://spaces.at.internet2.edu/display/Grouper/Unicon+Grouper+Contributions. |
Not yet assigned | Access Management Standard WS API | Similar to the CIFER effort, develop a standard WS API |
Not yet assigned | Further KIM-Grouper integration | Refine the Kuali KIM services interfaces and extend existing integration beyond group-level into roles & permissions. |
Not yet assigned | Register for notifications | Add ability for users to register to be notified of changes to specified objects. |
Not yet assigned | Further uPortal-Grouper integration | Complete Phase II deliverables. Time frame for Phase III deliverables still to be determined in concert with uPortal team. |
Not yet assigned | More provisioning connectors | Add further connectors to reflect specified group, membership, role, and permission information into external systems and services. |
Not yet assigned | Scaling REST webservice | A page in the Administration guide, Grouper always available web services and client, demonstrates one way to provide always-available services using a specialized client. The CIFER REST web service will need the server-side capability to provide that always-available functionality. In addition, the REST API should be able to access multiple read-only caches so it can efficiently handle any increase in query requests, most of which will not need to directly access the primary database. |
Not yet assigned | Namespace Uniqueness Constraint | Active Directory has some constraints regarding the storing of group and membership objects of the same name. This item would create an optional API-level constraint which would prevent you from re-using a name across multiple objects (stem, group, attribute, etc). |
Not yet assigned | Provisioning by message | Use a message bus to notify interested parties, including traditional provisioning agents, of group changes. TBD: supported message transports, format of messages, content of messages. Possible transports include AWS, Azure, ActiveMQ. |
...