Notes: Grouper Call of Wed. 6-May-2015 at noon ET
Attending:
Tom Barton, U. Chicago, Chair
Chris Hyzer, U. Penn
Jim Fox, U. Washington
Shilen Patel, Duke
Misagh Moayyed, Unicon
David Langenberg, U. Chicago
Mike Grady, Unicon
New Action Item
[AI] (Tom) Schedule discussion on the “job ad” to replace DaveL for next Grouper-dev call.
Carry Over Action Items
[AI] (Tom) invite Chris Phillips to an upcoming Grouper-Dev call
[AI] (DaveL) record ideas about handling categories on the Post PSP Provisioning page (Brown’s case) based on the Feb. 11 Grouper call discussion (TODO)
[AI] (Misagh and Chris) tested the unmappable character issue using Unicode. Then created wiki page to document the approach. Misagh created a JIRA for a new issue he found. Non-english chars don’t seem to render correctly
Chris suggested to try this on installed version, not on Dev.
Misagh tried with the installed version. No difference.
Next step: Chris take a look at the middle of page where problem shows itself
[AI] (DaveL) follow up on provisioning empty groups to LDAP to be sure the solution is documented (Still TODO)
[AI] (Tom) to bring pen testing need into TIER process (remains long term)
DISCUSSION
Grouper Team Items
DaveL – Promotion at UChicago leads to Dave needing to leave the dev team :-(
Dave will try to stay on through new person joining the Grouper-dev team.
Grouper & TIER, getting close, let's start some staffing and architecture plans
Background docs
packaging & config management
cloud service form factor
Need for on-going operational support in ecosystem. Unicon has history of doing so in related areas, might do so for Grouper too in response to need.
Hosting provider potential challenge: access to Grouper shell needed. A config editor UI might make that problem go away. Might incorporate a web console for complicated things. 3rd party tools might be incorporated.
Installer change to produce Docker container, perhaps. Docker imposes no constraint on using an external database, it doesn’t need to be in the same container. You can even link two Docker images together, eg, an API and a DB one.
Provisioning - ICF type connectors framework perhaps. How does ICF work with messaging??
Intake manifold APIs/integration - use a standard API for different systems
Relationship with CIFER API
IAM-specific integrations like multifactor authentication, self-serve UI, stateful de/provisioning
Deprovisioning is often an issue, needing best practices as well as better-suited technology. Config UI challenge: transition rules, states, approvals,
Issue roundup -Skipped
https://bugs.internet2.edu/jira/browse/GRP-939 as a lead in to how we should think about audit reporting
Default for loader failsafe limit
Add decoration to loader group to make failsafe a per-group setting. Best to do as grouper attribute rather than loader config element. Or maybe config UI magic that can accomplish the same. Chris is communicating with Carl W @ Layfayette about what’s needed exactly.
New section on Guidelines for Contribs (click to view)
Feedback:
- Java is necessary for Grouper itself, but client contribs can be in other languages.
- Supportability is a key need to be addressed by the team.
Next Grouper Call: Wed., May 20, 2015 at noon ET