Child pages
  • Grouper Call 17-March-2010
Skip to end of metadata
Go to start of metadata

Grouper Call 17-Mar-2010


Tom Barton, U. Chicago  (Chair)
Gary Brown, Bristol
Rob Hebron, Cardiff University
Shilen Patel, Duke
Chris Hyzer, U. Penn
Tom Zeller, U. Memphis
Steve Olshansky, Internet2

*New Action Items*

[AI] (Chris) will give examples related to v1.6 attribute framework capabilities

[AI] (RobH) will add performance numbers on the ESB connector wiki page

 *Carry Over Action Items*

For SMM:

Note: these proposed presentations are subject to change.
   [AI] (Shilen and Rob) will present on using the new Grouper priv. mgmt features to manage access in Active Directory.
   [AI] (Chris) will demo the Grouper Kim workflow.
   [AI] Chris will to do a notification proof of concept demo.
   [AI] (Chris) will demo using web services to define permissions.
   [AI] (TomZ) will think about what to say about Ldappc - ng for Grouper 1.6
   [AI] (Shilen) will present on Grouper performance issues
[AI] (TomB) will send Emily an update to the abstract

*Grouper at Jasig*

TomB reported on the Jasig Spring 2010 Conference in San Diego, March 8-12. In general at this conference, there was a lot of discussion about people using or planning to use Grouper. There was a presentation on Kuali Identity Management (KIM) and various integration projects, including the Rice KIM integration with Grouper.  Positive comments were expressed about the collaboration. *Grouper-uPortal Integration* At Jasig, TomB talked with uPortal developer Jennifer Bourey about  Grouper and uPortal integration. uPortal eventually plans to outsource group management functions capability (GAP) to Grouper.  uPortal would be bundled with Grouper in that space.

Defined Phases are:

Phase I:

Read-only GAP interface for grouper
WS client to allow grouper groups to be used in the portal.

Phase II:

Make GAP interface read-write
Source adapter to let portal-local Subjects to be in grouper groups
New group admin UI in the portal

Phase III:

Refactor PAGS to extricate it from GAP and integrate with PD
Add tools to pull groups from external sources into grouper
Gary commented that uPortal currently has a lot of interfaces and flexibility.  After the Grouper uPortal integration, will there still be flexibility for uPortal users in handling groups? TomB noted that uPortal's successful GAP interface will not be replaced.

Gary also wondered, will the permissions side of uPortal be handled in Grouper or uPortal? TomB replied that there is a need for more discussion on that topic.

Gary noted that uPortal may have a wider range of databases than Grouper currently tests. TomB captured this concern on the wiki.
An attribute to group resolver will be part of Phrase III. Chris noted that the issue of dynamic groups has been discussed on the MACE-paccman calls.

TomB stated that in the future, Grouper should have ability to reflect groups from LDAP into Grouper. This could include groups defined by subject attributes. Possibly a PD (person directory) could be used.

*Grouper to ESB Connector*

Ron has made substantial progress - and has a working prototype - on the Grouper to ESB connector project. Event notifications (membership and group changes) are packaged in JSON format.  Rob has not yet tackled the issue of converting to XML.  Rob has tested performance on his laptop, and speed seems good.  He will post performance information on the wiki.

[AI] (RobH) will add performance numbers on the ESB connector wiki page
Chris suggested implementing another place in the message to send a list of subjects. Rob agreed.
Rob noted this connector could be put into production at Cardiff University in about one month.

*ESB to Grouper Link*

Ron has begun thinking about the ESB to Grouper link (going the other way). This would provide capability beyond what web services can do. It would facilitate Grouper listening on an XMPP channel. Implementation would probably involve turning this link on or off in Grouper Loader properties. Need to choose one or more protocols that will give good coverage. Offering an example that works and can be tweaked would be a good first step.

Q: What kind of events would Grouper want to source from the outside using this link?

A: Events that happen in a directory, such as a new user who needs to be added to groups. Cardiff has code and business logic for this. Implementing the link would mean the business logic is in a more central, transparent location. A campus could still use the Grouper loader daily but also have this ESB to Grouper link to add a user in real time.

*Attribute Framework for Grouper  1.6*

Chris has been working on the API logic for the new attribute framework -- multi assigning attributes, assigning values, and assigning multiple values

Grouper 1.5 offers only marker attributes. With this new work,
attributes could have a type of maker, string, integer, floating, or member.

There  will be methods to query for all the attributes for a group or a membership

After Grouper 1.6 , a next step will be to provide filters, validation and formatting on the values, including potential restrictions. There are already built-in Grouper privilege restrictions. Some concern was expressed that this aspect could become overly complicated.

TomB requested that Chris provide concrete examples of the new capabilities.

[AI] (Chris) will give examples related to v1.6 attribute framework capabilities

Next Meeting: Wed. March 31, noon ET

  • No labels