Minutes: Grouper-dev call 6-July-2011
Tom Barton, University of Chicago (chair)
Chris Hyzer, University of Pennsylvania
Shilen Patel, Duke
Lynn Garrison, Penn State
Tom Zeller, U. Memphis
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)
*** Grouper 2.0: Code freeze on Friday, July 22, Release on Wed., August 3 ****
Carry Over Action Items
[AI] (All) Please be sure that you, or someone at your institution, responds to the Grouper Survey. Link ishttp://www.surveymonkey.com/s/YDXZKWD
Note: Thank you to those who have already responded.
[AI] (Shilen) will talk with uPortal folks about Grouper uPortal integration, and will keep Jean Marie in the loop.
[AI] (Chris) will investigate putting the OpenConext Teams UI on the Grouper demo site.
[AI] (Gary) will address the Admin UI privilege issue (JIRA 608) if his time allows
[AI] (Everyone) provide information on the Grouper 2.0 highlights wiki page. https://spaces.at.internet2.edu/display/Grouper/Grouper+highlights+2.0
[AI] (Everyone) review JIRA issues in preparation for Grouper 2.0
[AI] (Chris) will implement member search and sort in the Lite UI
[AI] (Rob) will follow up with Danno on obtaining the server for the Continuous Integration Environment.
[AI] (TomZ and Chris) will discuss/work on LDAP Grouper Loader for importing groups. JIRA 442
[AI] (Everyone) review Rob's chapters and give him feedback on the Grouper Users List.
Reminder: Agendize Grouper UI strategy
• So far, 114 institutions started the Grouper survey, 65 institutions completed it.
• SteveO's compilation of the institutions who have downloaded Grouper since March 2010 has been helpful in viewing the range of interest in Grouper, and in doing some targeted outreach regarding the survey
• Have received much useful data
• Will create a report when Grouper survey closes on Tuesday, 12-July-2011
Open Source IdM Planning
• TomB reported that there is an Open Source IdM analysis underway, instigated largely by the Kuali KIM team.
• They are looking at Kuali KIM, Grouper and other products and how they might be used as a basis for a set of open-source projects.
• There was some discussion of this at the Jasig Conference and ACAMP in Westminster, CO in May 2011
• Will be discussed more in August.
Grouper 2.0 Release
Jira Issues are listed here:
• Chris is working on the limits UI screen
• Chris will integrate limit decisions into web service permissions call
• Chris's work on permissions has been a roadblock for Shilen to work on point in time
• It was decided that Shilen should move ahead with including the permissions allow/deny into the point in time work ( JIRA 614)
• Shilen will also work on namespace transition and new attribute framework (JIRA 612) -- some parts of this may need to wait for Grouper 2.1
• TomZ reported that caching improvements are complete
• TomZ reported that possibly a few weeks may be needed to finish the real-time provisioning work.
TomZ and TomB will talk offline about timing issues.
• Code Freeze on July 22
• Release on August 3
Priorities for the work on Grouper 2.0
Maven contribution -- nice to have but not essential for Grouper 2.0
Synching a group from LDAP -- more important
Hibernate upgrade -- do after 2.0 to avoid disruption.
Permission Limits Topic
Chris would like feedback on permission limits info he emailed to Grouper-dev on June 20, 2011:
Included are some built-in limits (the API, with the UI to come later) such as
• "only give access during weekdays 9-5" limit
• "amount less than" limit
• Use expression language
A limit attribute could be attached to a
• permission assignment
• a role
• a membership on a role
The built-ins for limits can serve as examples that deployers can modify to meet their own needs.
If a limit is assigned to a role, everyone in that role gets that limit for all their permissions
Q: What if there are different limits on the same permission, due to hierarchy and inheritance?
A: The allow/deny algorithm will pick the permission that is most applicable. Aggregation of limits will occur
To create a limit, you create an attribute with a type of "limit"
Use Java implementation to do the logic
Chris will discuss this implementation of limits on an upcoming MACE-paccman call.
Next Call: Wed. July 20, 2011, noon ET