Child pages
  • Grouper Call 23-March-2016
Skip to end of metadata
Go to start of metadata

  

Notes: Grouper Call Wed. 23-March-2016 

Attending: Emily, Shilen, Jim, Chris, Bert

===========

Reminder: Code freeze target for the Grouper 2.3 Release: March 28

Grouper Roadmap: https://spaces.at.internet2.edu/display/Grouper/Grouper+Product+Roadmap

===========

New Action Items from March 23

[AI] (Chris) may make an adapter / config switch so Messaging queue, permissions, changelog-publisher are all setup when a listener is created (if auto-setup property exists)

[AI] (Bert) Document how PSP NG can work with either messages or changelog, including taking advantage of the automatic listener setup

[AI] (Chris) will tweak /consolidate  the message-acknowledge method and add more params (including selective ACK and/or requeuing)

- [AI] Shilen will document that UTF8 mb4 is a no go

Carry Over Action Items

[AI] (Pregash) will ask for findings around accessibility that can be emailed to Chris prior to the meeting. Then Chris will be happy to schedule the meeting

[AI] Misagh look add hibernate-c3p0 jar to gradle/maven, and the upgrade to c3p0 (commit from Chris)

[AI] (Bert) create a wiki page off the Post PSP Provisioning wiki  page to explain the boundaries for provisioning subjects.  [March 23: Still pending]

[AI] (Misagh) provide update to Grouper Core list  to  be sure Gradle work will be ready for Grouper Release in April

[AI] (Chris ) clarify the Grouper roadmap around “Add remaining attribute/permission operations to WS”

[AI] (Chris) capture the TIER packaging direction in a Grouper wiki page, including environment variable strategy 

[AI] (Chris) make patching and upgrading work on a source directory (based on input from packaging survey)

[AI] (Chris) get rules into new UI, for inheriting privileges

[AI] ( Misagh) look on Grouper wiki for Java doc links and change them to grouper.io 


Completed Action Items

[AI] (Chris)  investigate connection between Internet2 enterprise Github and public Github (DONE)

  Chris  says: Seems to be no connection. People will need to get accounts on the enterprise Github. We will deal with this after the Grouper 2.3 release

[AI] (Shilen) create a wiki documenting the Loader work (DONE)

[AI] (Shilen) create wiki page on the hibernate work (mysql problem) (DONE)

[AI] (Shilen)  help Bert with examples for PSP-NG work (DONE)

[AI] (Bert} Clarify Grouper Roadmap around “Successor to the PSP first pass. Include AD and LDAP connectors” DONE

[AI]  (Bill)  see about scheduling Grouper content at Apereo Conference for Sunday, May 22 DONE

DIscussion

Current work tasks

Chris: TIER API for Grouper

 https://spaces.at.internet2.edu/display/DSAWG/TIER+API+SCIM+group+member

  • It is similar to the CIFER work with some things renamed

  • There is a generic servlet to be used with a Group interface that Grouper can implement

  • Works on the Grouper Demo Server, contact Chris if you want to help test

Chris: Messaging changelog consumer

    https://spaces.at.internet2.edu/display/Grouper/Grouper+messaging+built+in

Still some testing work to do on this

Return to Queue issue --

Bert: get changelog entries, process as many as possible in batch, the 1st might fail, but next might succeed, but w changelog you get same batch over and over since 1st one failed.

So selective acknowledgement would be helpful

Chris: you can

  • mark it as processed or

  • get it after the message times out or

  • return it to the queue

  • Return it to end of the queue

Grouper could provide options

A challenge is that different messaging systems have different options

With AWS you must delete the message if you don’t want it back

[AI] (Chris) will tweak /consolidate  the message-acknowledge method and add more params (including selective ACK and/or requeuing)

Big picture is to focus on testing

  • PSP-NG will be a message consumer, and possibly also a changelog consumer

  • [AI] (Chris) may make an adapter / config switch so Messaging queue, permissions, changelog-publisher are all setup when a listener is created (if auto-setup property exists)

  • [AI] (Bert) Document how PSP NG can work with either messages or changelog, including taking advantage of the automatic listener setup

  • Jim: don’t assume everyone will use messaging

  • Changelog can be an insurance if messaging does not work

  • Point PSP-NG to the queue

  • Need a changelog consumer that writes to the message [will be a part of automatic setup]

  • Bert - is wise to have 2 harnesses

=========

Chris will also try to get these features for the Grouper 2.3 release if possible

  • Also doing some UI work for inheritable privileges

  • And Make Patcher/Upgrader work w source directory

Shilen:

 Loader work is done.

Can go to new UI and schedule a job without bouncing the Daemon

Next : work on building and testing

-----------

Bert: PSPNG

Bert is adapting the PSP-NG to messaging as the driver. Will be done shortly.

Also working on Documentation for different target scenarios (AD Groups, LDAP Groups, LDAP Attributes).

------------

Misagh: Building and packaging, put this off for the next release

1.       https://spaces.at.internet2.edu/pages/viewpage.action?pageId=8775

---------

Vivek: WS

TIER update

·         Plan for TIER April release, See Blog http://www.internet2.edu/blogs/detail/10465

·         Grouper Code freeze Monday March 28

TIER API discussion on messaging (do we need ordered messages?)

  • To be discussed later today on TIER API call

  • PSP-NG Approach perform missing steps by reading missing data from grouper itself (eg, if a membership message comes in before a group-create message, psp-ng reads the group from grouper and creates the group, and then adds the membership).

Issue roundup

·         Auto-create composites

·         Quartz scheduling.  Generic job type perhaps?  (change log consumer, messaging listener, and generic?  Maybe for another release?

·         Sql server queries in loader CTE queries

·         Missing linkage PSP and database subjects [IU is okay now 3/23]

                Bert handled this one, it’s fine now

·         Grouper demo server logs via syslog

·         Grouper Open Apereo Conference session 


Title:  Grouper in Action - Access Management Strategies for Higher Education and Research

Time:   May 22, 2016, 9:00 AM - 12:00 PM

Location:    KC 905

Type:   Pre-Conference Workshop (half day)

Presented by:   Madan Dorairaj - Solutions Architect, New York University; Chris Hyzer - Application Architect, Grouper Team Lead, University of Pennsylvania; Julio Mascavilca - Senior Application Developer for Identity Services, New York University; Jeff Pasch - LMS Product Director, New York University; Bill Thompson - Director Digital Infrastructure, Lafayette College

Grouper is an enterprise access management system built by and for higher education, and is a key component of Internet2’s Trust and Identity in Education and Research (TIER) initiative. Designed for highly distributed and heterogeneous information technology environments, Grouper is uniquely suited to address the complexity and flexibility required by the modern institution.

This seminar will introduce Grouper, demonstrate a variety of real world use cases in action at University of Pennsylvania, Lafayette College, and New York University, and provide participants with some hands on operation and configuration experience. Come learn and see what Grouper can do for your campus!

Bill Thompson change log consumer [After 2.3 release?]

UTF8 mb4 is a no go  --

  [AI] Shilen will document that UTF8 mb4 is a no go

UI timeouts (maybe we need a different timeout for uploads?)  (maybe make configurable?)  (jira?)

Heap space on loader?  Profile?

Strange error with Grouper PIT

  • Issue UCLA had w corrupt timestamps added to attribute action table.

  • Shilen emailed them on this

  • Waiting to hear back

Global Summit 2016

TIER Working Group and Developers Meeting to be held

May 19, 2016 , 9am - 12:30pm in Chicago

Important:

Grouper BOF at Internet2 Global Summit is Wednesday, May 18, 12:00-1:00PM

Next Grouper Call: Wed. April 6, 2016 at noon ET

 


 


 

  • No labels