
Grouper Call 29-Sep-2010

*Attending*

Tom Barton, U. Chicago, (chair) 
RL Bob Morgan, U. Washington 
Chris Hyzer, U. Penn  
Gary Brown, Bristol 
Mike McDermott, Brown  
Shilen Patel, Duke  
Rob Hebron, Cardiff 
Tom Zeller, U. Memphis   
Ann Kitalong-Will, Internet2   
Emily Eisbruch, Internet2 (scribe)
  
New Action Items

AI (Shilen) will get the Shibboleth SP on the demo server and document steps to get it working. 

AI (TomB) will look into getting the Grouper SP into InCommon.

AI (AnnKW) will make the reorganized wiki test site available for review.

AI (Rob) will post draft chapters of his new Grouper documentation on the wiki for review.

AI (Chris) will compile a list of topics for the Grouper Working Group at 2010 FMM and mail them to the list for review. https://spaces.at.internet2.edu/display/GrouperWG/Draft+agenda+for+2010+member+meeting+working+group

AI (Emily) will research remote access for the Grouper Working Group at FMM. http://events.internet2.edu/2010/fall-mm/agenda.cfm?go=session&id=10001464&event=1159

AI (Mike) will talk to Peter about joining a future Grouper call to share lessons learned from the Brown upgrade.

Carry Over Action Items

AI (TomB) will explore new international participation for work on the Grouper UI.

AI (Rob) will look at issues relating to testing the ESB Connector and contact Chris about moving the ESB work to the web services project. 

DISCUSSION

CMU Billing Use Case

Chris is working on documenting the Grouper solution to a CMU use case relating to access to billing. This example should help explain how Grouper permissions work. Chris is open to feedback on his approach.

https://spaces.at.internet2.edu/display/macepaccman/Grouper+and+the+CMU+Billing+Use+Case

https://lists.internet2.edu/sympa/arc/grouper-users/2010-10/msg00007.html

TomB: How easily suited are the Grouper permissions capabilities to CMU's needs?

Chris: Very well suited. There are two gaps: 
1) CMU would like a UI for permissions 
2) CMU would like a way to have the Java decision client hosted as a web service instead of a WS client. 

TomB: How much of a departure would it be to implement the Java decision client hosted as a web service compared to the current implementation of roles and rules?

Chris: It's just aggregation built on top

Chris noted that on the last MACE-paccman call, there was not universal awareness that Grouper permissions have a 3-way assignment. The CMU example shows a 4-way assignment, and it demonstrates how it's possible to do an n-way permission assignment with metadata.

Rules 

Chris has been giving updates on the implementation of Rules in Grouper on the email list and on the 23-Sept-2010 MACE-paccman call.

https://lists.internet2.edu/sympa/arc/grouper-dev/2010-09/msg00032.html

Peter D from Brown has suggested a use case dealing with a rule to inherit permissions based on group name. That use case is not covered in the development work done on rules so far. Chris plans to implement this capability prior to the Grouper 2.0 release.

Note: Chris has since implemented what's needed to address this use case. Details at: https://lists.internet2.edu/sympa/arc/grouper-dev/2010-10/msg00002.html

TomB raised a question on Chris's statement in an email that each applicable use case has a daemon coded to fix data corruptions.

Chris explained that the daemon can be turned off using an attribute.

Chris stated that there are several reasons the daemon might be needed.

1. New rule for all groups and the rule is added after groups are already added.  The daemon can fix things for the pre-existing groups.  

2. If you have a rule that already exists and you change that rule, again the daemon can fix things for the pre-existing groups, if desired.

3. If a rule doesn't cover all cases,

TomB noted that he doesn't consider this a case of data corruption; it's more a matter of how the rule implementer really wants the rule to function.

Gary commented that it can be computationally expensive if there is a large group structure and there's a new rule on the stem. Can generate a lot of work. Can be a lot of consequences to seemingly small changes.

Chris: that's part of the reason it is handled in a daemon, in the background. 

Brown's use case was discussed in this context. Mike noted that Brown has a large number of groups, so they expect things to take some time.

Chris: The daemon is supposed to run once per day and it handles all its requests in a serial fashion. 

TomB: We can anticipate future requests to move things up in the queue since the daemon handles things in a serial manner.

Shilen had ideas on how to improve performance of the rules implementation using batching. TomB suggested that we incorporate this optimization into the next Grouper release, probably Grouper 2.0.

Upgrade to Grouper 1.6.1 at Brown

Mike noted that once Brown updates from 1.3 to 1.6.1, they may have additional use cases to suggest. Peter has written some custom code to do the loading of data into Grouper 1.6.1.  Brown's plan is to focus on loading group data for next semester and worry about getting historical data into Grouper in the future.  They have at least 600,000 groups. There are 12 groups per class. Some are rarely populated. Many of the groups are dynamically populated. 

Mike suggested that one lesson learned is not to let the Grouper version get so out of date that it's necessary to update so many versions at a time. Possibly Peter will have more lessons to share in a few weeks.

AI (Mike) will talk to Peter about joining a future Grouper call to share lessons learned from the Brown upgrade.

Grouper Documentation

TomB thanked Rob and AnnKW for their work on the Grouper documentation. 

Rob has received positive feedback. He is still hoping for case studies, as he requested in this email:

https://lists.internet2.edu/sympa/arc/grouper-users/2010-09/msg00038.html

Rob will post draft content of his Grouper documentation "book" up on wiki.

Ann has been working on improving the organization of the Grouper wiki in a test site area. In a few weeks, she plans to open it up to the larger group and get feedback. After giving people a week or so to comment and after incorporating suggestions received, she will go "live" with the new, improved wiki.

Ann is also working on a simple template that others can use to make contributions to the wiki. 

AI (AnnKW) will make the reorganized wiki test site available for review.

AI (Rob) will post draft chapters of his new Grouper documentation on the wiki for review.

Advanced CAMP Action Items

A "check-in" call with Advanced CAMP Action Item leads is planned for 30-Sep-2010.

Chris and TomZ are making progress on their respective ACAMP action items:

Chris's Action item is: Develop Capabilities for Federated Group Management in Grouper:

https://spaces.at.internet2.edu/display/ACAMPActionItems/ACAMP2010+-+Federated+Group+Management+in+Grouper

TomZ's Action Item is: Determine How Federated Provisioning Should Work and Participate in SPML Standards Work to Support it

https://spaces.at.internet2.edu/display/ACAMPActionItems/ACAMP2010+-FederatedProvisioningAndSPMLStandards

Planning for 2010 FMM

Grouper-related sessions at FMM:

Grouper Working Group
November 01, 2010, 1:00 PM - 2:15 PM
Location: Kennesaw

AI (Chris) will put together a list of topics for the Grouper Working Group session at FMM. https://spaces.at.internet2.edu/display/GrouperWG/Draft+agenda+for+2010+member+meeting+working+group

AI (Emily) will research FMM remote access for the Grouper WG.

Using Grouper: Campus Case Studies
November 02, 2010, 1:15 PM - 2:30 PM
Location: Chancellor II
   Steven Carmody , Brown University
   Jim Fox , University of Washington
   Richard James , Newcastle University

Delegated Access Control in AD using Grouper (netcast session)
November 02, 2010, 4:30 PM - 5:30 PM
Location: Wilton
   Rob Carter , Duke University
   Shilen Patel , Duke University  

Grouper Demo Site

AI (Shilen) will get Shib SP on Demo Server and document steps to get it working

AI (TomB) will look into getting the Grouper SP into InCommon.

Note: Add to the agenda for a future call: Discuss a stem set table to reflect the structural relationships among stems.

Next Meeting: Wed. Oct. 13 at noon ET
