Attending 

• Chris Hyzer, Penn, Chair
•  Shilen Patel, Duke
• Chad Redmon, UNC
• Carey Black, Purdue
• Vivek Sachdiva, Independent
• Jonathan Johnson (JJ) , Unicon
• Emily Eisbruch, Internet2  (scribe)

New Action Item

• AI Shilen look at GRP-3805
  cannot rename loader group (simple)  

DISCUSSION

•  Internet2 Intellectual Property Policy
  
• Approve minutes
  
• Review AIs  Grouper Project Action Items (Google Doc)
  
  

• Blog on Attribute Based Access Control (ABAC) with Grouper, has been submitted to Internet2 Marketing and Communications , should be in February 24,  2022 InCommon Newsletter.

 Current Work

Vivek

• Duo Provisioner done 
  • Duo roles are interesting
  • One role per user
  • Role is not a group on the target
  • It’s a value on one of the attributes
  • Had not had member metadata before
• Working on Remedy provisioner

Grouper Roadmap

• Chris posted Roadmap for Grouper 2.7 on Slack
• https://spaces.at.internet2.edu/display/Grouper/Grouper+Product+Roadmap
• Grouper 2.6 will be finalized, will include both new and old PSPNG provisioning
• Grouper 2.7 will have all the changes for Grouper 3.0, except the database changes
• Stay at Java 8 for now

Shilen

• Stem copy issues fixed
• Issue with override DNs, deleting object in LDAP
• Chris and Shilen will talk about secondary for search and match

Chris

• Grouper Training last week
• Issues with LDAP to SQL fixed
• GRP-3812 ldap to sql cannot be editted
• Regex issue fixed
• Postgres  driver and security

Chad

•  Grouper Training last week
• Good discussions, good group
• As Grouper Training Environment gets perfected, it helps with training
• There were questions   
•    group types, is there reporting, to get a list
•    Process for cleaning up disabled users
•    Add member versus add privilege
•   And more helpful feedback…See Google doc provided by Chad

• Tagging issue with Grouper builds
•      Working on it with Chris Hubing

Grouper Releases

• Hope to release Grouper 2.6.6 soon, perhaps in one week
• It includes many changes
• Grouper 3.0 database changes…  
•     Do we need a composite table if we have JEXL scripted groups
•     How do we want subjects to work in Grouper? We have always had subject API. Store the representation of users in the database?  Grouper can self provision or cache.  
•    We will have a design session in the future

Issue Roundup 

Jiras in past two weeks

• GRP-3816
  improve daemon item menu
  
  
• 
  GRP-3815
  improve daemon main screen menu
  
  
  GRP-3814
  allow gsh scripts to take arguments
  
  
• 
  GRP-3813
  add example for ldap unique hook
  
  GRP-3812
  ldap to sql cannot be editted   FIXED
  
  
• 
  GRP-3811
  allow edit provisioner from provisioner details page (not just from main page)
  
  
  GRP-3810
  ldap to sql should have option to not add attribute if no value assigned  FIXED
  
  
  GRP-3809
  add more timing to ldap to sql jobs  FIXED
• 
  GRP-3808
  upgrade postgres driver based on vulnerability
  
  
• 
  GRP-3807
  grouper diagnostics showing too much info
  
  
  GRP-3806
  errors on gsh container start ( came from training)
  
  
• AI Shilen look at GRP-3805
  cannot rename loader group (simple)  
•  
  
  
• GRP-3804
  on edit membership screen remove checkboxes and just have text (i.e. unchecking direct member does nothing)
  
  
  GRP-3803
  on group screen to show memberships of another group, allow to add a group (to add this group to that group) like subject screen
  
  
  GRP-3802
  extract base source adapter config file reads to a config object which is cached
  
  
• GRP-3801
  detect if subject attributes or source attributes are misspelled on subject api wizard
  
  
  GRP-3799
  ldap provisioner should get the DN from the CN... (not group attribute) if there is no translation
  
  
• 
  GRP-3798
  make it easier to replace chars in attributes in provisioning
  
  
• GRP-3797
  add osgi felix jars to Grouper for java authentication from unicon
  
  
• GRP-3796
  make jdbc subject source for testing editable and store in database
  
  GRP-3795
  copy folder to same parent folder with different name will create an empty folder
• 
  GRP-3794
  copying an object and keeping privs and having inherited privs can cause problems
  
  GRP-3793
  opt in on "groups I can join" neglects groups with effective memberships
  FIXED in Grouper 2.6.6
  
  
  GRP-3792
  opt out on my memberships page is not correct
  
  
  
• GRP-3791
  first pass of jexl scripted groups for ABAC: attribute based access control
  
  

Grouper Emails in past month  

• [grouper-users] ldap subject source issue, pchantry, 01/26/2022

• Re: [grouper-users] ldap subject source issue, Hyzer, Chris, 01/26/2022

• Re: [grouper-users] ldap subject source issue, Philippe CHANTRY, 01/26/2022

Grouper wiki updates in past two weeks

• Grouper Product Roadmap
• Grouper daemon "other job" to run a script
• Grouper daemon "other job" GSH script to monitor another "other job"
• Grouper reporting
• Grouper UI and version
• Grouper hook to ensure group does not exist in LDAP on group create
• Grouper Training Environment
• Grouper data structure improvements v3.0
• Grouper attribute based access control with JEXL script loaded groups

 Next Grouper Call: Wed. March 2, 2022