Child pages
  • Grouper Call 22-Nov-2011
Skip to end of metadata
Go to start of metadata

Minutes: Grouper Call 22-Nov-2011

Attending

Tom Barton, U. Chicago, Chair
Chris Hyzer, Penn
Jennifer A. Yuan, Penn
Shilen Patel, Duke  
Tom Zeller, Unicon
Jim Fox, University of Washington  
Steve Olshansky, Internet2  
Emily Eisbruch, Internet2 (scribe)

New Action Items

[AI] (Chris) will document the intended uses and limits of the non-person entities feature.  (DONE) https://spaces.at.internet2.edu/display/Grouper/Grouper+user+managed+entities

[AI] (TomZ) will talk with community members about reviewing LDAPPC-NG real time provisioning docs in January 2012

Carry Over Action Items

[AI] (TomZ) will review Jira issues for the next release and ensure they are properly fleshed out.

[AI] (TomZ) will review the Grouper LDAP Loader doc and provide feedback to Chris, possibly with lessons learned from LDAPPC work.https://spaces.at.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP

[AI] (TomZ) will update JIRA to reflect the priorities  

[AI] (Rob) will follow up with Danno on obtaining the server for the Continuous Integration Environment.  

[AI] (Everyone) review Rob's chapters and give him feedback on the Grouper Users List.

DISCUSSION

Entities Naming Issue  

https://spaces.at.internet2.edu/display/Grouper/Grouper+user+managed+entities

- Entities are intended to be used for non-person things like UNIX accounts or schemas or service principals
- Jennifer Yuan, of University of Pennsylvania, joined the call to provide thoughts on naming the entities feature -- from the perspective of supporting end users.
- Jennifer suggested a name such as functional entities, or <adjective here> entities
- It's a subset of entities and we don't want to have to update documentation everywhere, regarding entities versus person.
- It will save work and be more intuitive to use a name that still implies "it behaves like an entity"

Name Ideas:
- user assigned entity
- assigned entity
- functional entity
- service entity
- access entity

- It would be good if the name implied nonhuman actors
- Name does not have to be decided on this call

TomB raised concerns:
- don't want people to use this entities feature to somehow start using Grouper as a person registry or a  central IdM system
-  these entities might become something folks could use when they should use other things in Grouper
- should we make them not provision able?
- could there be a switch that defaults to off?

- Jennifer: We should include language on the wiki that says Grouper is not intended to be used for these certain purposes and such features will not be expanded in the future.

- Chris stated that Penn might eventually want to be able to provision

TomB: - We should hobble the ability to provision entities

Chris: We implemented it the way we did so we can use web service and use the existing search with type of  "entity"
- But if we hobble that, it's too much work to implement it .

- Need to discuss further in the future.
- For now, Chris will document intentions and limits.

[AI] (Chris) will document the intended uses and limits of the non-person entities feature.  (DONE)https://spaces.at.internet2.edu/display/Grouper/Grouper+user+managed+entities

Grouper 2.02
 
Chris reported he was still working on subject search issues / subject batching performance improvements

- An issue in Grouper 1.6 and 1.7 is that searching for subjects can take a long time. There was no paging.
- In Grouper 2.0, there was supposed to be a limit on number of things returned. However this did not work well enough.
- For Grouper 2.02 Chris added paging, you just get first page of results returned from a subject search
- More work needed to handle the case of an interface with Kuali Rice eDoc Lite, such as is used at Penn
- it still does N queries, because it needs to get all the member IDs in Grouper to resolve the source and subject IDs
- Chris is adding a batch approach to provide multiple IDs to a subject source and get multiple subjects back in one query
- will be implemented for JDBC and JDBC2.
- There has been discussion on the list regarding what to do regarding vt-LDAP and LDAP
- Possibly do a longer filter or use threads to handle multiple threads at once

Q: Didn't member search and sort improvements in Grouper 2.0  already implement caching selected subject attributes in the Grouper member table? https://spaces.at.internet2.edu/display/Grouper/Member+search+and+sort+columns

A: Member search and sort involved caching the sort string, search string, name and description. But when displaying for a UI, when expression language is used, more info could be needed (e.g. firstname and lastname)

Q: How and when do cached attributes get freshened?

A: When a subject is resolved.

Chris noted that for the batching improvements he is now implementing,
- if subjects come from the group source or JDBC or JDBC2 source, it will require 2 or 3 queries
- LDAP may need a filter
- it's batched to max # of fine variables

Q: How will performance be impacted?
A: Most likely things will speed up a bit,  database performance will be better

The subject batching performance improvements will be ready for Grouper 2.02

Penn needs this enhancement, but can take it from tag. Penn does not require an official release.

Release Schedule

Should there be an official release for Grouper 2.02, or should we wait until Grouper 2.1 is ready?
Primary feature of Grouper 2.1 is real-time incremental provisioning (LDAPPC-NG) work

TomZ reported:

- plan is to have doc and examples ready for beta testers at start of 2012
- Shoot for release at end of January 2012 with a qualifier that this is beta/ experimental

[AI] (TomZ) will talk with community members about reviewing LDAPPC-NG real time provisioning docs in January 2012

Chris noted that the update member attributes stale state exception fix in 2.02 is something people might want prior to the Grouper 2.1 release.https://bugs.internet2.edu/jira/browse/GRP-692

We could tell the user community that Grouper 2.02 will be available if this "stale state exception" issue is causing you problems.

Q: Can we go back to having Release Candidates prior to real releases?
A: We have a properties file that cannot handle the "RC"
However, we can still have a period of time during which we call the release an RC release.

Next Call: Wednesday, 7-Dec-2011 at noon ET

  • No labels