Grouper Call 13-July-2016

Grouper Call Wed. July  13, 2016

Note: this call was devoted to discussion of the NYU use case.

Attending:

Chris Hyzer, U  Penn, Chair

Nick Roy, InCommon

Mike Zawacki - Internet2 

Michael Hodges, U of Hawaii

Gary Chapman, NYU

Julio Macavilca, NYU

Shilen Patel, Duke

Jon Miner, U Wisc

James Babb, U Wis 

Bill Thompson, Lafayette College

Jim Fox, University of Washington

Gail Dunmire, PSU

Kumi Hagimoto, Oregon State University

Emily Eisbruch, Internet2

Discussion

• Welcome to Gary Chapman, NYU

• Welcome to members of the TIER-API and TIER-Registries Working Groups

NYU materials:

Project summary: 

https://drive.google.com/file/d/0B15g56CxPnnvQnR6b0JpNnhCc00/view?usp=sharing

Screenshots: 

https://drive.google.com/file/d/0B15g56CxPnnvVUhfVlVNcmxlRXc/view?usp=sharing 

• NYU is developing a full fledged IAM service at NYU and leveraging Grouper

• NYU has been using Grouper for several years

• Decided to move to the next steps regarding groups management service

• Plan to publicize to application partners throughout NYU that we have a defined process for groups (like SSO is publicized)

• Hope to have groups management for an increasing number of services

• This enhanced group strategy fits well with applications being developed at NYU. such as new portal system

• Encountered issue with Google Apps

• Had allowed people to create groups

• Had 10,000 - 20,000 user created groups

• Issue with people creating a group with all NYU community members

• So use of Google Groups was then restricted to admins, not self service anymore

• Plan is to create a UI that is as simple as possible for end-users

• Users will designate which applications the groups will be visible to

• Google groups will be key

• If that is successful, the assumption is that the mechanism will take off and be used more broadly

• Pulling data from Grouper or LDAP

• Provisioning and deprovisioning mechanisms will be part of this app being designed

• Grouper UI will be key tool for admin use

• There will most likely be a “people picker” via people search, elastisearch, portal, flexible, fast

• Most likely a Java application using Grouper web services

• Hope to contribute this work to the community

• U-Wisc is using a system they call Manifest with Grouper on the backend - Manifest "Getting Started" doc: https://kb.wisc.edu/helpdesk/page.php?id=27796 

• https://spaces.at.internet2.edu/pages/viewpage.action?pageId=25864879

• Written in dot net , using SOAP

• Outsourced development of the UI

• U. Washington has a front end to Grouper developed in Spring

• Chris suggests, start w Grouper web services  or the client

• Bill T , Lafayette,  notes there is also the Duke?? toolkit

• There is much demand for Self service group management, connecting groups to optional applications

• New Grouper UI has helped

• Some connecting glue is still missing

• And connecting to applications (doing service provisioning) in a consistent way

• Bill hopes that eventually the Grouper project , in context of TIER, will tackle this need directly
  
  

• Chris: one of the gaps is the service tag feature and the relationship to provisioning

• JonM: Would be nice to solve this need for institutions that cannot create their own custom screens for self-service group management , etc

• JonM: Ability to skin the Grouper UI would be helpful

• JonM: Strong connection between an institution’s IDM approach and how they want self service Grouper to work

• Jim: a common API will be key

• NYU will provide an update on their progress

• Ideally NYU code will be shared on GitHub to help the community

NYU Screenshots:

https://drive.google.com/file/d/0B15g56CxPnnvVUhfVlVNcmxlRXc/view?usp=sharing 

• Deprovsioning strategy
  (Please elaborate more on the deprovisioning ?)

• Some form of notification for approaching end of life

• Workflow process

• NYU uses ServiceNow

• Chris : Grouper roadmap has plan to implement expire dates for Groups themselves

• There are currently expire dates on privileges and memberships but not on groups"

• Should some groups have more than one owner/manager?

• Advice from UWisc - need to be able to manage which groups are shown for a person. Don’t want people to have to see 5 pages of groups when they sign in

• Issue of opt-in and opt-out for groups has been discussed at U-Wisc

• Create Group - goal is to have this be as simple as possible

• Collaboration is the endgame

• When creating a group, there may be a field for “Collaboration Space” as shown on screenshot, this won’t be in release one, but could be useful in long run. Collaboration space might be a folder to start

• Q: does group manager need to be a group member?

• A: maybe not

• Request for Grouper project to enhance Grouper so a tab can be added to extend the UI

• Goal is to associate applications

• Chris: there is complexity of such a tab in connection w provisioning

NYU will keep info flowing on the Grouper-users list about their project.

Advice from Chris: focus on using web services

• Example of self service groups at Brown

• https://sites.google.com/a/brown.edu/browngroups/

• https://spaces.at.internet2.edu/display/Grouper/Brown+University

TIER at Tech Ex -

Please sign up here for the TIER Working Group Members and Developers meeting, Thursday Sept 29, noon -3pm.