Child pages
  • Grouper Call 2-Mar-2011
Skip to end of metadata
Go to start of metadata

Grouper Call 2 -Mar-2011


Tom Barton, U. Chicago, Chair
Chris Hyzer, U. Penn
Jim Fox, U. Washington
Lynn Garrison, Penn State
Rob Hebron, Oxford
Shilen Patel, Duke
Tom Zeller, U. Memphis
Ann West , Internet2
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)

New Action Items

[AI] Chris will put attribute framework UI work on demo site

[AI] (LynnG) will create a JIRA issue regarding performance benchmarking

[AI] (JimF) will add the new JNDI source adapter into the subject SVN

[AI] (Shilen) will ask the list and open JIRAs about the "timestamp as updated" issue

[AI] (SteveO) will add a documentation request page on the Grouper wiki

Carry Over Action Items

[AI] (Rob) will follow up with Danno on obtaining the server for the Continuous Integration Environment. (status: Will be ready by end of week)

[AI] (TomZ and Chris) will discuss/work on LDAP Grouper Loader for importing groups. JIRA 442

[AI] (Everyone) review Rob's chapters and give him feedback on the Grouper Users List.

[AI] (TomB) will explore new international participation for work on the Grouper UI (status: will handle this on release of Grouper 2.0)

Reminder:   Agendize Grouper UI strategy for after the release of Grouper 2.0.

Wiki & Grouper Documentation

  • Wiki Resuscitation - SteveO has completed what can be done to fix issues that arose as a result of the recent wiki move
  • TomB will be requesting funding for additional help with the wiki. Would be good if this person could do some Q&A work on the doc. TomB would like suggestions on what specifically ought to be done to make the doc better.
  • SteveO pointed out that the Shibboleth documentation has a section for managers and a section for more technical people
  • Jim noted that the GSH documentation could benefit from more examples ( though there is an issue with examples that they sometimes need updating when a new version of the software gets released)
  • Lynn G noted that questions around Grouper performance that arose in a Penn State Meeting were not findable in the Grouper doc
  • There is a category in JIRA for documentation.
  • [AI] (LynnG) will create a JIRA issue regarding performance benchmarking
  • Would be good to have a place on the wiki where people can request documentation  [AI] (SteveO) will add a documentation request page on the Grouper wiki
  • Emily made suggestions on structure of documentation, summarized in an email dated 3-3-11 to Grouper-Core

Feedback on Attribute Framework UI work

There was positive feedback on the work Chris did on the attribute framework UI

[AI] Chris will put attribute framework UI work on demo site

Chris stated that in the future (beyond Grouper 2.0) more features will be added to this attribute framework UI, including a tree view and ways to understand / visualize the hierarchies and dependencies. Could incorporate some of the visualization approaches (folder browser metaphor) used in the GIP RECIA UI.

JNDI Source Adapter

Decision was to offer the new JNDI source adapter as another (preferred, default) way of doing things, not to completely replace the existing source adapter.

  • The new JNDI source adapter configures quite differently from the existing one.
  • Would not work as a drop in replacement, existing config files would need to be updated
  • New JNDI source adapter can configure with a sources.xml file and can also use a property file for configuration.
  • It allows certificate authentication to LDAP
  • Chris noted that all of the config files are on the class path and an example one gets copied

[AI] (JimF) will add the new JNDI source adapter into the subject SVN.

Subject is Unresolvable

  • ScottK asked how it's handled if the Grouper API is unable to resolve subjects from the LDAP on
    behalf of LDAPPC because it cannot authenticate to the LDAP
  • Jim stated the opinion that Grouper should not run if subject source unavailable
  • Chris suggested that the UI or WS should not shut down if the source is not available.

Chris opened a JIRA to handle this

  • throw a "source not available" if source is down when searching sources.
  • mark a source as critical and if so then don't continue

When should a Membership be Timestamped as Updated?

Jim found that updating member change times slows the DB:
Should we have an option not to update privileges, or to handle privileges in a different column? Separating them out into effective membership, direct membership or privileges could solve some of the problem.

At U-W, timestamps are used for etags on restful membership requests.

Q: Does LDAPPPC  still use the last membership change column?

A: yes

Decision was:

Add the column last_imm_membership_change to grouper_groups that would have the timestamp of the last immediate (not effective/composite) membership (including privileges and custom lists) add or delete for that group.


Next Call: Wed.  March 16, 2011 at noon ET


Meetings of Interest:

- At SMM Meeting in April 2011

  • Grouper Working Group , April 18, 2011, 10:30 AM - 11:45 AM
  • Also at SMM: "Balancing Risk and Opportunity for an Institutional Groups Service," Michael Brogan , University of Washington,  April 19, 2011, 8:45 AM - 10:00 AM

- In May 2011:               

  • No labels