
 Minutes Grouper Call 25-Sept-2013

Attending

Tom Barton, U. Chicago (Chair)
Jim Fox, U. Washington
Bill Thompson, Unicon
Chris Hyzer, U. Penn
Shilen Patel, Duke
Dave Langenberg, U. Chicago
Steve Olshansky, Internet2
Emily Eisbruch, Internet2, scribe

New Action Items

[AI] (Chris) create wiki page to track Grouper UI issues to consult on with MichaelG. https://spaces.at.internet2.edu/display/Grouper/Grouper+UI+redesign+v2.2+issues+for+Michael+Girgis

[AI] (Jim) propose a session on "Scaling the Grouper API" at Advance CAMP (to be done in November at ACAMP)

Carry Over Action Items

[AI] (Chris) do additional follow-up on the U. Penn Grouper security Analysis.

[AI] (Andrew) let us know what emerges from the Apereo security notification process work.

[AI] (Shilen) email the Grouper-users lists to ask who is using the Legacy attributes and ask how they are using them

DISCUSSION

Grouper v2.2

Legacy attribute migration (Shilen)

https://spaces.at.internet2.edu/display/Grouper/Legacy+attribute+migration

Multiple places in the Grouper code currently use group types, and Shilen is addressing each place.
Then Shilen will work on these additional tasks for legacy attribute migration:
-modifications to hooks
-handling built-in group types, such as include and exclude
-change log
-Point in time
-the conversion process

Shilen is reconsidering the idea that, after the legacy attribute migration, the association between a custom field and group type should be stored in a config file. There are some performance implications and also a concern about inconsistencies if config files are not managed correctly. There will be an attribute for Group Type after the migration. Suggestion to create another (marker) attribute for the fields involved with a group type, rather than using the config file approach.

Grouper 2.2 UI Work (Chris)
 
-Chris has made changes to the way that text is configured
-This handles text overlays more efficiently.
-Allows putting scriptlets in the text file so things can be more dynamic.
-Will make it even easier to internationalize

-Two parts of the UI that are not yet dynamic are the tree and the favorites.
-Chris is working on the tree first.
-Tree will have popup menus when one clicks on the items in the tree
-Tree in future versions will be more complex; for this release it will be simpler
    -Tree will include groups and then folders, with a plus sign to expand
 
- The first 50 items will be displayed. Then you can click to see more
-Would be good if left menu bar does not change (this is the way Windows works)

[AI] (Chris) create wiki page to track Grouper UI issues to consult on with MichaelG. https://spaces.at.internet2.edu/display/Grouper/Grouper+UI+redesign+v2.2+issues+for+Michael+Girgis

Grouper SCIM interface

https://spaces.at.internet2.edu/display/Grouper/Grouper+SCIM+integration

Dave has communicated with Chris Phillips and the IETF Working Group around how to map permissions and attributes into SCIM. It may make sense to use entitlements on the user's account, or to use the Type field as an attribute.

APIs, scale, and fundamental design

https://lists.internet2.edu/sympa/arc/grouper-dev/2013-09/msg00000.html

Jim noted that a busy Grouper installation has frequently offloaded many membership queries onto LDAPs. Those LDAPs, however, cannot directly support the new CIFER authorization API. There are concerns about resiliency, capacity, performance and geographical redundancy.

Most people prefer web services over LDAP, but LDAP offers speed.

Another issue: when we update to a new Grouper version, requiring a rebuild of the database, what is the API situation during that? Must turn off the replication and upgrade the primary. Must coordinate turning servers on and off at the correct time.

Need to look at new design strategies to address these concerns.

Suggestions include a single-master, multi-slave DBMS that might solve part of the problem.
Many DBMS support this configuration, but there is a serious performance issue.
A master DBMS with multiple non-SQL caches, e.g. LDAP, ElasticSearch, ...,
would allow the caches to respond to the most common requests. There are some complexities, however.

Chris suggested that a single-master multi-slave architecture be built out in Grouper, so the
client can send read-only queries to a different place than read-write.
Grouper WS can operate in read-only mode, and the databases that Grouper
supports can be set up with one-way replication.

[AI] (Jim) propose a session on "Scaling the Grouper API" at Advance CAMP

======

Github discussion postponed for the next Grouper call.

Next Grouper Call: Wed. Oct 9 2013 at noon ET
