Grouper Call 13-Oct-2010


Tom Barton, U. Chicago, (chair)
Jim Fox, U. Washington
Keith Hazelton, U. Wisconsin
Chris Hyzer, U. Penn
Gary Brown, Bristol
Shilen Patel, Duke
Tom Zeller, U. Memphis
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)

New Action Items

AI (TomZ and Chris) will work on releasing Grouper 1.6.2

AI (Chris) will develop a wiki about reflecting subjects in Grouper

AI (Everyone) review Rob's chapters and give him feedback on the Grouper Users List.

Carry Over Action Items

AI (AnnKW) will make the reorganized wiki test site available for review by Grouper developers.

AI (TomB) will explore new international participation for work on the Grouper UI.

AI (Rob) will look at issues relating to testing the ESB Connector and contact Chris about moving the ESB work to the web services project.


Grouper 1.6.2 Release

It was decided to release Grouper 1.6.2 within the next few days.
It will include JIRA 496 to "allow a filter on membership lite subject finder on add member and import for group name".

The new package builder makes the release process fairly simple.
AI (TomZ and Chris) will work on releasing Grouper 1.6.2

Grouper WG at 2010 FMM

Grouper WG at FMM is Monday, November 1, 2010, 1:00 PM - 2:15 PM

The proposed agenda is found on the wiki at:

There was a suggestion to add to the agenda an item about advantages/disadvantages of the flattened membership table. However, the decision has already been made to remove the flattened table from future Grouper versions.

Jim suggested an agenda item on subject search keys. "Reflecting subjects into Grouper" was added to the agenda.
AI (Chris) will develop a wiki about reflecting subjects in Grouper

Keith suggested an agenda item on SPML. It was noted that TomZ will talk about SPML in a panel at the Bleeding Edge of Identity Management track session.

If time allows, Chris will present on U. Penn's usage of the Grouper Kuali integration for workflow.

Other FMM sessions of interest:

Using Grouper: Campus Case Studies
November 02, 2010, 1:15 PM - 2:30 PM
Location: Chancellor II
Steven Carmody, Brown University
Jim Fox, University of Washington
Richard James, Newcastle University

Delegated Access Control in AD using Grouper (netcast session)
November 02, 2010, 4:30 PM - 5:30 PM
Location: Wilton
Rob Carter, Duke University
Shilen Patel, Duke University

Grouper Demo

The Grouper demo site is working, but access is by invitation only. A username and password are required.

The group decided to open up access to the demo so that people can sign on with their federated credentials. A possible disadvantage is that some may try to use the demo as an actual Grouper service. It was agreed to put the word "demo" in the URL.

Chris is working on implementing self-serve federated access to Grouper.

TomZ stated that the LDAPPC-ng (provisioning) part of the demo is not yet ready.

How will Grouper web services be protected? Maybe those should not be "self-serve." Many organizations are facing this challenge of protecting web services in a federated environment. Jim suggested that a certificate should be used. TomB noted that in SAML there is an ECP profile that can be used to protect web services.

There is the question of how the client authenticates to the server. The user might not have access to the data, but some trusted application ID might. Sometimes the middle tier has its own credentials. Perhaps the group will discuss this further at the Grouper call on Wed. Oct 27.

Grouper Documentation

TomB emphasized the importance of the documentation work being done by AnnKW, Rob and others.

Rob has made some chapters of his Grouper documentation available for review.

AI (Everyone) review Rob's chapters and give him feedback on the Grouper Users List.

Ann KW is leading a small group to better structure the Grouper wiki. The new Grouper Wiki is patterned after the Shibboleth wiki.

Ann KW has agreed to take a continuing role in stewarding Grouper's doc over a period of time.

Reflecting Subject Data into Grouper

This topic will be discussed at the Face to Face Grouper WG at FMM. Today's discussion is a prelude to that.

Chris: Grouper needs to be able to quickly search for subjects and groups and to return subjects and groups sorted across all sources. To make this happen we need to store more columns in the Grouper members table and update those periodically.

Jim: Experience at U-W indicates it's easy to put sources completely into Grouper. You can maintain the sources through Grouper, for example if someone was just added, as long as there is a mechanism for going to the system of record when you add a member. The issue of having a cache within Grouper is not a major problem; most LDAP directories are also caches of another system of record.

Chris: What would be cached would be data that has been used in Grouper. This would make it easy to find employees whose name is John. This would not make it easy to search for all people named John.

Jim noted that people want to search in many different ways.
FERPA restrictions sometimes mean that names cannot be used for sorting. A login identifier must be used instead.

Another option: just put the source data in Grouper and leave it to the IdM group to synchronize info into that. A good topic for the face to face WG: Should the strategy be caching or synchronization? Grouper should be easy to use for people who have JNDI and for people who use a database. We are focusing on two different modes of adoption of Grouper.

Note: Add to the agenda for a future call: Discuss a stem set table to reflect the structural relationships among stems.

Next Meeting: Wed. Oct. 27 at noon ET
