Notes: Grouper Call of Wed. March 25, 2015 at noon ET
Attending:
Chris Hyzer, U. Penn, (stand-in chair)
Jim Fox, U. Washington
Shilen Patel, Duke
Misagh Moayyed, Unicon
Emily Eisbruch, Internet2
New Action Items from March 25, 2015
[AI] (Misagh) add the code environment issue to the Grouper roadmap and start a wiki page listing requirements
[AI] (Dave) review Chris’s message format example config page and provide Chris with thoughts/reactions. If Dave agrees on the message format work, then Chris will put together a proof of concept.
Completed Action Item with Link
[AI] (Chris) show example of Person Web Service to illustrate how we might proceed regarding message formats. Include configuration example. (DONE)
Carry Over Action Items
[AI] (Chris) work on moving objects via web service (started)
[AI] (DaveL) record ideas about handling categories (Brown’s case) based on the Feb. 11 Grouper call discussion on the Post PSP Provisioning page (TODO)
[AI] (Misagh and Chris) test the unmappable character issue using Unicode. Then create wiki page to document the approach. (DONE)
Misagh created a JIRA for a new issue he found.
Non-english chars don’t seem to render correctly
https://bugs.internet2.edu/jira/browse/GRP-1128
Chris suggests trying this on an installed version, not on Dev
[AI] (DaveL) follow up on provisioning empty groups to LDAP to be sure the solution is documented (TODO)
[AI] (Dave) as we go, document areas where SCIM may need improvement so we can add to the wishlist for SCIM 3. (ongoing TODO) Page with list
[AI] Chris produce training videos on upgrading and patching. [Upgrade one is done but has a quiz bug. Patching is 75% done] (DONE, Emily needs to upload to youtube and link)
[AI] Tom to bring pen testing need into TIER process (remains long term)
DISCUSSION
Revising code environment
Misagh raised the issue of revising the code environment to get rid of dependencies and the hybrid builds (Maven and ant builds, which are hard to keep in sync). The suggestion is to do this for Grouper 2.3, and it should be on the roadmap. What will the tool be?
Options:
Ivy: keep existing ant scripts and use Ivy for dependency retrieval
Maven: Remove ant build script and let maven drive both the build and dependency retrieval. (create various profiles for each env)
Gradle: Remove ant/maven build scripts. Use groovy scripts to retrieve dependencies and drive the build
Need to figure out versions for each dependency.
If we use ant, must convert to maven format?
If we use Gradle, can script everything
Gradle is most modern and natural way to do a build
Conversion from ant to Gradle may be time consuming
Gradle lets you declare repositories
Gradle is compatible with Maven; it knows to look at Maven Central and your local Maven repository
Maven has the concept of profiles
Maven can look at jars not in a repository (not sure Gradle does this)
Gradle is closer to ant conceptually
Must configure to get source files
We need to describe our requirements before we choose a tool
Misagh found that there are jars that do not reference a version in the filename, so some research will be required
Chris: version is in the jar manifest
[AI] (Misagh) will add this code environment issue to the Grouper roadmap and start a wiki page listing requirements
Quick items
· Grouper patch error with changed file
Chris documented how to address that situation on the Grouper patching wiki
https://spaces.at.internet2.edu/display/Grouper/Grouper+patching
· Disabled date
Shilen: this is a good idea
Chris needs to think about this request, and look at the API
Perhaps use Checkbox for non-enabled?
· Loader big swing in group membership
Chris: problem with truncating a table
· Point in time audit question (Shilen did not hear back on this, so assuming things are OK for now)
Message formats
Chris suggests a solution that allows for inheritance
Grouper provides some config property files, including default security
An institution can have property files
Transform JSON for each message type
use transformation configuration
Comment: seems flexible
Q: Is there overhead?
A: Chris: can run this pretty quickly
A key component is being able to debug and see at what step there is a problem
So you can see an unencrypted and encrypted log directory
To facilitate figuring out problems
Misagh: maybe instead of declaring each transformation as a property setting, use a transform implementation class to describe a java component that does transformations in this particular way. A site could replace that with their own transformation (in javascript or groovy)
Chris: yes we can do that too
Config-based makes things easier, uses expression language, but a site can also use a programming language
Misagh: Can we have an option for shared secret instead of JOSE certificates? Easier than certificates.
Chris: yes, shared secret should be one of the options. We would decide on the default, and a site could change that.
Shilen: looks good
[AI] (Dave) review Chris’s message format example config page.
[AI] (Chris) If Dave agrees on the message format work, then Chris will put together a proof of concept.
Please tell Chris if you think of other use cases besides:
-Add a new config file without adding an existing
-Having default settings and then override those
-Filtering and Transformations (to be done declaratively or programmatically)
Reminder:
Grouper BOF at 2015 Global Summit, Tuesday, April 28, 2015 at noon ET
Next Grouper Call: Wed. April 8, 2015 at noon ET