Attending
- Chris Hyzer, Penn, Chair
- Shilen Patel, Duke
- Chad Redmon, UNC
- Carey Black, Purdue
- Vivek Sachdiva, Independent
- Jonathan Johnson (JJ) , Unicon
- Emily Eisbruch, Internet2 (scribe)
New Action Item
- AI Shilen look at GRP-3805
cannot rename loader group (simple)
DISCUSSION
- Internet2 Intellectual Property Policy
- Approve minutes
- Review AIs Grouper Project Action Items (Google Doc)
- Blog on Attribute Based Access Control (ABAC) with Grouper, has been submitted to Internet2 Marketing and Communications , should be in February 24, 2022 InCommon Newsletter.
Current Work
Vivek
- Duo Provisioner done
- Duo roles are interesting
- One role per user
- Role is not a group on the target
- It’s a value on one of the attributes
- Had not had member metadata before
- Working on Remedy provisioner
Grouper Roadmap
- Chris posted Roadmap for Grouper 2.7 on Slack
- https://spaces.at.internet2.edu/display/Grouper/Grouper+Product+Roadmap
- Grouper 2.6 will be finalized, will include both new and old PSPNG provisioning
- Grouper 2.7 will have all the changes for Grouper 3.0, except the database changes
- Stay at Java 8 for now
Shilen
- Stem copy issues fixed
- Issue with override DNs, deleting object in LDAP
- Chris and Shilen will talk about secondary for search and match
Chris
- Grouper Training last week
- Issues with LDAP to SQL fixed
- GRP-3812 ldap to sql cannot be editted
- Regex issue fixed
- Postgres driver and security
Chad
- Grouper Training last week
- Good discussions, good group
- As Grouper Training Environment gets perfected, it helps with training
- There were questions
- group types, is there reporting, to get a list
- Process for cleaning up disabled users
- Add member versus add privilege
- And more helpful feedback…See Google doc provided by Chad
- Tagging issue with Grouper builds
- Working on it with Chris Hubing
Grouper Releases
- Hope to release Grouper 2.6.6 soon, perhaps in one week
- It includes many changes
- Grouper 3.0 database changes…
- Do we need a composite table if we have JEXL scripted groups
- How do we want subjects to work in Grouper? We have always had subject API. Store the representation of users in the database? Grouper can self provision or cache.
- We will have a design session in the future
Issue Roundup
Jiras in past two weeks
- GRP-3816
improve daemon item menu
GRP-3815
improve daemon main screen menu
GRP-3814
allow gsh scripts to take arguments
GRP-3813
add example for ldap unique hook
GRP-3812
ldap to sql cannot be editted FIXED
GRP-3811
allow edit provisioner from provisioner details page (not just from main page)
GRP-3810
ldap to sql should have option to not add attribute if no value assigned FIXED
GRP-3809
add more timing to ldap to sql jobs FIXED
GRP-3808
upgrade postgres driver based on vulnerability
GRP-3807
grouper diagnostics showing too much info
GRP-3806
errors on gsh container start ( came from training)- AI Shilen look at GRP-3805
cannot rename loader group (simple) -
- GRP-3804
on edit membership screen remove checkboxes and just have text (i.e. unchecking direct member does nothing)
GRP-3803
on group screen to show memberships of another group, allow to add a group (to add this group to that group) like subject screen
GRP-3802
extract base source adapter config file reads to a config object which is cached - GRP-3801
detect if subject attributes or source attributes are misspelled on subject api wizard
GRP-3799
ldap provisioner should get the DN from the CN... (not group attribute) if there is no translation
GRP-3798
make it easier to replace chars in attributes in provisioning- GRP-3797
add osgi felix jars to Grouper for java authentication from unicon - GRP-3796
make jdbc subject source for testing editable and store in database
GRP-3795
copy folder to same parent folder with different name will create an empty folder
GRP-3794
copying an object and keeping privs and having inherited privs can cause problems
GRP-3793
opt in on "groups I can join" neglects groups with effective memberships
FIXED in Grouper 2.6.6
GRP-3792
opt out on my memberships page is not correct- GRP-3791
first pass of jexl scripted groups for ABAC: attribute based access control
Grouper Emails in past month
- [grouper-users] ldap subject source issue, pchantry, 01/26/2022
- Re: [grouper-users] ldap subject source issue, Hyzer, Chris, 01/26/2022
- Re: [grouper-users] ldap subject source issue, Philippe CHANTRY, 01/26/2022
Grouper wiki updates in past two weeks
- Grouper Product Roadmap
- Grouper daemon "other job" to run a script
- Grouper daemon "other job" GSH script to monitor another "other job"
- Grouper reporting
- Grouper UI and version
- Grouper hook to ensure group does not exist in LDAP on group create
- Grouper Training Environment
- Grouper data structure improvements v3.0
- Grouper attribute based access control with JEXL script loaded groups
Next Grouper Call: Wed. March 2, 2022