Child pages
  • Grouper Call 9-April-2014
Skip to end of metadata
Go to start of metadata

Minutes: Grouper-dev call of April 9, 2014


Chris Hyzer, University of Pennsylvania (stand-In chair)
Jim Fox, University of Washington
Shilen Patel, Duke University
Dave Langenberg, University of Chicago
Vivek Sachdeva, UCLA
Emily Eisbruch, Internet2, scribe

New Action item

AI (Jim) make the University of Washington group events AD updating code available on GitHub and document its availability on the Community Contributions page.
and in table at bottom of this page:

Carry Over Action items

[AI] (Shilen) investigate ways to get new attribtues in a single step

[AI] (Shilen) do performance testing prior to the Grouper 2.2 release

[AI) (DaveL) look at PSP ChangeLogDataConnector Inconsistency issue

[AI] (DaveL) write up the doc related to the Shib Grouper question.

[AI] (DaveL) work on the PSP aspect of GRP 914.


University of Washington Contribution of AD Code

Jim stated that U. Washington has a possible code contribution. The code takes group events and updates AD. The AD has been modified to provide group membership viewer controls. This code would need to be modified to be used outside of University of Washington.

AI Jim will make the University of Washington group events AD updating code available on GITHUB and document its availability on the Community Contributions page.
and in table at bottom of this page:

Loose ends and discussions on the Grouper-Users List

Scott Koranda raised some questions on the use of the SQL loader. Scott later told Chris that he had figured out an approach to this issue and will document this on the wiki.


Global read-only role in API
-Chris noted that University of Pennsylvania needs a global read-only role in the API for web services.
-The admin working on a course provisioning application needs to be able to pick a group in Grouper and not worry about going to Grouper to assign the read privileges to the service principals.
-Jim: At U. Washington we have set up Global read-only roles for a few trusted clients
-Everyone understands that some admins have global permissions
-Chris would like to make that enhancement to the Grouper API


There was a recent discussion with CMU? Re Multi-assignable attributes and the API.
For a multi-assignable attribute, if you call assign it will over-write the last assignment, if you call add it will add
-That is a confusing issue about the API, would be good to clarify if possible


0 after web service issue was discussed on the list.
-Could that be an undefined variable or could it be chunking?
-Not sure


Legacy import/export
-Shilen got this feature to work with Grouper 2.2


Invitation errors for External person invites was discussed on the list
Chris has created a JIRA for this:

Tomcat 7

There has been discussion that we should get Gropuer working on Tomcat 7
The new servlet JSP spec is not backwards compatible.

Chris noted that this transition to Tomcat 7 will be easier in a future version of Grouper ( Grouper 2.3?) when the older UIs no longer must be actively supported

GroupID/FolderID - Default to foldername

Chris has completed this feature, which was suggested by CMU:

Testing the Grouper 2.2 UI

Chris emailed the Grouper-users list about testing the new UI.
About a dozen new users have registered.

Chris set up a wiki so people can log their experience

Michael Girgis, U. Chicago, has registered for the demo server.
It will be great to get Michael's feedback to see if Chris implemented the UI design as he had envisioned.
Grouper 2.2 Release

Chris reported that he has completed the list of tasks for the new Grouper UI:

Chris is now waiting for feedback on the UI from the various testers and working on CRSF protection

SCIM Grouper Integration

DaveL is ready to turn over his work to Bas at SURFnet for evaluation.
Grouper SCIM integration will be an experimental feature in the Grouper 2.2 releasee

Legacy Attribute Migration

Shilen noted that for Grouper 2.2, the built in attributes are migrated to legacy attributes.
The name says "legacy" attributes but they are legacy and "built in" attributes.
However, the folder name is configurable; the word "Legacy" could be configured to say something else.

UCLA Use Case

Vivek shared a use case from UCLA
They have a group (committee) with multiple people managing that committee.
Assume Bob adds members 1,2 and 3 and Joe adds members 4, 5 and 6
Requirement that Joe should not be able to delete any members added by Bob

Chris suggested:
-Have Bob add a group for which Bob has update privileges but Joe does not
-Have Joe add a group for which Joe has update privileges but Bob does not
Then use composite group so the effective members of the group would be Bob's group plus Joe's group.

Another approach: it's feasible to use an attribute to represent who added a membership.
Then have the front-end application read the attribute and be sure person who deletes a membership is the one who added that membership.

Using Many Permissions

Vivek: we are adding a case management system, we need lots of permissions.
Use case is: faculty member goes to review process for promotion
This goes to the Dept. to the Dean, etc. with lots of roles and different permissions for those roles
Question: What's your opinon on adding 300 or more permissions?

Answer: This should be fine. Shilen has done performance testing adding a large number or permissions and it has worked. Also Penn has loaded a Grouper registry with 10K or 100K permissions assignments and done API calls and it has performed fine.

Chris suggested to make a loop with GSH and create permissions and do stress testing.
Vivek plans to do that.

Next Grouper-Dev Call: Wed. April 23, 2014 at noon ET

  • No labels