Minutes: Grouper Call 6-Nov-2013
Tom Barton, U. Chicago (Chair)
Jim Fox, U. Washington
Dave Langenberg, U. Chicago
Chris Hyzer, U. Penn
Shilen Patel, Duke
Emily Eisbruch, Internet2, scribe
New Action Items
(DaveL) propose an ACAMP session around provisioning issues
(DaveL) talk to SURFnet about SCIM issues.
(Chris) find an opportunity to do a demo of the new UI during Identity Week
[AI] (Jim) propose a session on "Scaling the Grouper API" at Advance CAMP
Carry Over Action items
[AI] (Shilen) will work on the change log to address GRP 914. Then inform DaveL (Done as of Nov 8)
[AI] (DaveL) will work on the PSP aspect of GRP 914 when Shilen finished the ChangeLog work.
[AI] (Chris) do additional follow-up on the U. Penn Grouper security Analysis, including going through the automated penetration test report.
[AI] (Andrew) let us know what emerges from the Apereo security notification process work.
Grouper at Identity Week
-Dave will talk with international partners about SCIM.
-Dave will also talk with key people involved with CIFER provisioning.
-Chris will do a demo of the new Grouper UI
Note: There are several sessions at CAMP that will highlight Grouper:https://spaces.at.internet2.edu/display/CAMP2013/CAMP+Program
Grouper UI Work Updates
Chris has been making good progress on the new Grouper UI.
On the Folder/Privileges/Group membership screen, there's a question about how the filtering should work.
- Allow searching for a substring of a subject in a privilege list or membership list. ?
-Or just allow searching for a specific subject and see only that info in the results. ?
Subject search is against the subject source and a search in a group is against cached data in the members table.
Suggestion to add a check box and to do the other type of search. Decision: Chris will put in the logic to do it either way. Chris will consult with MichaelG on this issue before making a final decision.
Legacy Attribute Migration
Shilen has committed his work to date on Legacy Attribute Migration. In the Admin UI, right now it's possible to see group types without regard to your privileges. If you can see the group, you can see the group types on the group.
Do we want to change that behavior going forward? In Grouper 2.2, if new group types are created and privileges are not explicitly added, should new privileges, such privilege to view the group type, be in effect? Decision: yes, the new privileges should be in effect.
Q: Will group type appear after the migration?
A: Yes the Admin UI will still continue and will know how to express that
Q: Why would there be need to add a group type after the migration?
A: A site might want to continue current practice, such as they use the group type as a flag. In general, we want to discourage using the type construct going forward.
Next Grouper Call: Wed. Nov 20, 2013 at noon ET