Child pages
  • 28-Nov-2018
Skip to end of metadata
Go to start of metadata




  • Chris Hyzer, Penn, Chair
  • Shilen Patel, Duke
  • Bert Bee Lindgren, Georgia Tech
  • Chad Redman, UNC
  • Vivek Sachdiva, independent
  • Matt Black, The Ohio State University
  • Emily Eisbruch, Internet2

New Action Items

  • [AI] (Chris) for the types work Vivek is doing, Chris will update the wiki with a strawman on links to the owner of the type relationship

  • [AI] (Chris) for the types work Vivek is doing, Chris will suggest some security parameters , Chris will email the users list to get input

  • [AI] (Shilen)  email the Grouper list with the Daemon Screen work

  • [AI] (All) Go through report from Chad on unresolved JIRAS,  see Chad's email of 11/14/2018

  • [AI] (Bert) make the Grouper installer change
  • [AI] (Bert) release patch for LDAP attributes


Current work tasks, and next tasks

Vivek – Object types


  • Chris will send Vivek info for the screens.

  • Best way to indicate direct or indirect ?

    • For privileges checkmarks are light grey or dark.

    • Matt does not like the hidden tabs, does not like use of a button.

    • Chris: we have same structure for attestation and other screens so it’s a different discussion.

  • Loader job, services, can we link horizontally to the owner of the type relationship to the group

  • [AI] (Chris) update the wiki with a strawman on links to the owner of the type relationship

  • Using Tooltips and links are a good idea

  • Think about what should be displayed by default

  • For multiple types, sentences that look like a paragraph.

  • “Ref” and in paren a link to the loader job

  • So Type and tooltip and optional link

  • These are attribute based

  • How does access control work?

  • Chris: these are public, if you can view a group you can view this

  • It’s not sensitive, it’s just descriptive

  • Matt: Details of the query could be sensitive

  • Bert: if you click on the loader job, there may be details to hide

  • Attribute is query description, could be sensitive and not good to be public

  • Want to allow the right people to see the attributes

  • Risk that no one will use this feature,  this was intended to be public

  • Could allow for other, private attributes

  • If we get into adding your own types, then there could be private attributes

  • Vivek: Daemon job work is still to be done

  • Which use case requires background job?

  • Chris: hard to trust real time changes

  • Should check the hierarchies to be sure they are right

  • Vivek: some values don’t have anything to show for certain fields, that’s OK

  • Vivek: need to refactor some code and run the daemon job for hierarchy

  • Not doing attribute security, so need to be group admin to configure the attributes.

  • Shilen: could be use cases where you want to prevent just anyone from saying their group is a ref group.  

  • Some should be able to be assigned by group admins, but some should require a sys admin.

  • Matt: if value for attribute name can be derived from a query, then you could ? that so the value of type name could be their own structures.  To control who can see Ref groups, who can see policy groups, who can see Basis group

  • Bert: this is replacing free form description paragraph and providing structure to it.

  • The technical cost of trying to enforce lots of vetting is problematic

  • Want this to be easy to use, but need some security

  • [AI] Chris suggest some security parameters, Chris will email the users list to get input

Chris – Database configs

  • JSON string  
  • To help the UI display the config item and help user enter the right thing
  • What setting need to be restarted?
  • Reloaded every 60 seconds by default?
  • Chris will think about this
  • Will support morph string
  • Morph string will be outside the database
  • Some items are  sensitive and should not be displayed
  • Support for paragraphs? That’s the Regex part.. Need to think about this
  • PSPNG will have its own wizard
  • Q: How does this work w custom properties or hooks?
  • A: everything is laid out in sections from the base file.
  • Could be freeform at bottom of  screen for a key and a value


Bert – PSPNG patches

  • Master branch of API not compiling last few days
  • Created version of installer that did not compile API for PSPNG patches
  • Do we need to  be compiling API?
  • If should check in changes that are PSP specific?  Or generalize them?
  • Chris: we need everything in GIT to compile, If it does not, comment out the part  and ask the submitter to fix problem
  • Chris: It’s OK to change someone else’s code to make it compile.
  • send emails to the core team around such issues 
  • Using maven local repository
  •  ant build, does not install into local maven repo
  • Bert: changes only kick in for PSPNG
  • Possible to make more available if needed
  • Idea of getting latest jars into the build process
  • This is a decent way to build from recent code and live with unstable branch
  • Bert is doing a create patch for PSPNG
  • It is ant based
  • Script needs to run before running the installer
  • Environment used to get ready off current branch being patched
  • That used to be OK, but if failed in last weeks when branch did not compile.
  • Matt: should we  stay with both ant and maven. 
    • Move to Gradle?
  • Need to discuss in future.
  • Bert will make the Grouper installer change
  • Bert will release patch for LDAP attributes 
  • GRP-1908 patched (ldap cred logging)


  • Patch of Daemon screen
  • Modifying the creating process of loader job
  • To have option to schedule immediately
  • We default of yes
  • Can sync to use daemon instead of UI
  • Copying Daemon logs from loader screen to Daemon screen to see the status
  • Q: Is there a way to prevent the UI from running a loader job?

[AI] Shilen will email the Grouper list with the Daemon Screen work

Chad – patches and next task?

  • Closed two issues , no patches, will be in next release

  • Config hibernate and environment properties

  • Look  in files

  • Will help w the Database Config work that Chris is working on

  • Chris will include these classes

  • These are resolved Jiras

  • Maven builds does not have build timestamp

  • So Chad went thru pom files and fixed this

  • Did a few minor adjustments w ants

  • Chad will work on the visualization topic from Aukland and M. Gettes

  • Good starting point  

  • Can be converted to java

  • Start w something simple on a group…

  • Get patch so people can look at it

  AI  All Go through report from Chad on unresolved jiras , see Chad's email of 11/14/2018

 Issue roundup (did not have time for this on the call)

  • Matt: status servlet should not use config file

  • Matt: PIT API parity with non PIT

  • Pull request for missing UI images

  • Pagination with find members (something to do here?)

  • Auto patching version number

  • Group attribute filter

  • Pspng missing classfile?

  • Grouper UI filtering

  • Reload properties files

  • Finding subgroups in WS

  • Database corruption on upgrade

  • Finding admins of services

  • GSH wiki improvements

  • Grouper types wiki, what to do

  • I2midev6 monitoring
  • Brown looking for permissions use in Grouper

Next Grouper Call: Wed, Dec 12, 2018


  • No labels