Attending

Chris Hyzer, Penn, Chair
Shilen Patel, Duke
Chad Redman, University of North Carolina Chapel Hill
Vivek Sachdiva, independent
Jeff Williams UNCG
Carey Black, the Ohio State University
Emily Eisbruch, Internet2

Administrivia

https://internet2.edu/community/about-us/policies/internet2-intellectual-property-policy/
Approve minutes
Review AIs Grouper Project Action Items (Google Doc)
Agenda bash

New Action Item from this call

AI Shilen - Create a JIRA and assign to Chris Hubing for adding metadata for registration to Grouper Demo Site Access
AI Chris - look at how to use the UI text for localized error messages

Discussion

Roadmap

Grouper roadmap engagement with the community is being worked on
SteveZ will provide best methods for community outreach around Grouper 3.0

Ideas:
Next 6 months, finish Grouper 2.5, including

Provisioners
Improved performance
Next generation of subject sources
Migration of subject sources

Next version will be Grouper 3.0
Ask community for medium sized tasks needed in Grouper

Wait for Grouper 3.0 to add new features
- Example: secure file for report
- Membership not hitting failsafe limits
One month fixing JIRAs
Message will be:
- Grouper 2.5 will be long term support
- Grouper 2.5 is the supported version
- Monthly releases of 2.5 for bug fixes, low risk upgrade
- Please upgrade to it
- Migrate to new subject sources and new provisioning
Decision around migrating to postgres
- Better performance
- Document how to run postgres for those who dont run it
- Performance benchmarks
Database is using too much resource
We evolved the Grouper database with many layers
Use less memory in the tomcats
Change existing tables or make shadow tables
Same challenge with indexes, if we start over with structure it can become more efficient
Multiplicity of queries due to need to run tests
We can become more effective
Cache things and clear out cache for testing
Make production more efficient
Are we supporting batching efficiently?
Make sure things are batchable
Memberships and attribute assignments are most important
Like Shilen improved the changelog, using batching
Do we want to keep hibernate?
Adds overhead
Does Clobs and blobs seamlessly
Does paging well
That may not be an issue if we go to Postres
May not want to move away from Hibernate
Move away from ehcache?
Be more mindful of when we are using ehcache?
Privileges , using a lot of chaining code
Web Service w JSON
Soap XML can be off by default
Grouper Client is using XML , can switch to JSON
Get rid of old libraries with issues
Consider items that would make a big improvement
question: what would replace hibernate with?
Look for something lighter weight
Need to research this
Nested groups
Query planner issues
Grouper fields table is because we used to have custom lists
Memberships table may be used for too many items
Split things out into single purpose tables may help with performance
UI issues, so many pixels wide
Challenging for visualization
Upgrade all libraries… should be part of build/release cycle, should be automated
Shilen: Some UI improvements may be possible prior to Grouper 3.0
Table redesign, the views would still work as is?
Yes , or perhaps have some Grouper v3 views that are more efficient
Handling of UUID
Keep legacy working and also evolve
Provide a way to migrate over time
One database only could be an issue for some sites
Backups with postgres require some support
Matt: Folder privacy is important
Suggestion to have folder privilege
Set of hidden groups where each group maps to a folder
- If you add a folder privilege, leave opportunity to use loaders
- We will need to delve into the best approach
JasperReports has stand alone web server now
Present an outward facing view with priv based logic?
Add a reporting engine bolt on
Making all existing audit report things work
Documentation improvements
Matt: GITLAB, moving away from wiki
Helps with version control
Jeffrey: migration from Oracle to Postgress could be an issue for some
Cosmetic issues with the Grouper UI

Current Work

Vivek

Worked on object types
Attributes on stem, more consistent model
Deprovisioning and attribute propagation will happen in background
Shilen worked on minimizing number of queries
Improving efficiency
Changelog consumer controls the process
Provisioning is special case since there are sync tables
Request for Chris to review Vivek’s work
Now working on Custom UI

The community has not taken advantage of Custom UI yet
JSON and attributes on groups is a speed bump
Need to migrate how Custom UI works
Use Grouper Config, like GSH template works,
Model config of custom UI and have a wizard
Meta Config into properties file
Migration utility to take JSON and migrate to properties

Chris

Did a build, Maven worked
Hope to get build out today
70 Jiras
GSH template fixes
Some reporting fixes
Manage interface for VPNs
Adding more validation to provisioning
First level of validation is stuff in JSON and config file

Shilen

Made performance adjustments
LDAP DAO was getting repeated queries, resolved that
Code as is now, when you go into UI and set something as provisionable, there is direct assignment, gets propagated, changelog runs as part of provisioner, replicates to group sync table
UI will still allow provisionable, but skip setting in attribute framework,
Gets set in sync tables
Changed to return what propagation should be
Makes LDAP full sync test pass
Will work on metadata issues and incremental
Need to add a column in Grouper sync table for groups for metadata
How does that fit into group propagation?
Chris: If we keep the member and membership metadata in attributes, since no indirect assignments, then we are OK
Shilen will focus on groups, not on membership
To add column in Grouper sync group table,
Chris has a wiki on DDL changes that will help
DDL and Grouper v2.5
Shilen: Work again on DN overrides

Chad

Doing Grouper projects for UNC
GSH Templates on mock database
Used InteliJ so aware of Grouper libraries
Worked well, has not gone out to actual environments yet
Provisioning work: less straightforward
Lining up attributes was an issue
Issue on provisioning: multiple types you want to provision, person type or application types.
About 50K subjects
Design issue: if you have multiple subject types to provision, all LDAP, you can have person types UID= or application types, CN=, with different subject sources and different checkboxes, how would you look them up, you just have single field,
What Logic to use for this
Need to think of logic, perhaps related to subject source
Documentation is conceptual, it not explicitly telling you what “you need this in this field”