Child pages
  • Grouper Product Roadmap

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Release

Item

Description

2.4 patch (underway)Allow configuration to be stored in databaseAllow configuration to be stored in the database so common configuration is shared among all JVMs. Of course some configuration wouldnt be elgible for this (e.g. database connection information, passwords, etc)
2.4 patch (DONE)TemplatesTemplates can create multiple folders / groups / privileges / etc at once based on a wizard UI. Built in template for a service/application, and TIER Grouper Deployment Guide structure
2.4 patchReal time message based loading LDAP by personAllow messaging to take events to update a user in loader jobs (ldap)
2.4 patch (DONE)Disable loader jobsAdd ability to disable loader jobs
2.4 patchProvisioning in UIManage and which folders and groups get provisioned in the UI
2.4 patchImprove performanceLook at recent Grouper performance issues and make improvements
2.4 patch (DONE)Tag Grouper TypesAdd ability to tag Reference / Basis / Authorization groups. Show this information to describe access policy
2.4 patch (DONE)Visualizing GrouperAllow the ability to show a visual graph representation of group, privilege, and permission relationships
2.4 patchSubject source adapter configuration wizardHave grouper subject source adaptor configuration in the UI like the loader config. Explore including Midpoint and Comanage if useful
?Move GSH needs into the UILook at how the community uses GSH and move those needs into the UI
?Membership constraintsAllow memberships to be able to be constrained for certain reasons, when those conditions are met, enable the membership, else disable. And keep the existing enabled/disabled dates if applicable
2.4 patch (DONE)Show disabled membershipsShow disabled memberships and privileges on demand and allow the user to configure enabled/disabled dates in more flexible way
2.4 patch (DONE)USDU expiration datesAllow USDU to clean up unresolvable subjects that have been unresolvable for X days
?Changelog improvementsAllow change log consumers or message publishers to process messages before the single threaded "change log temp" processor completes
2.4 patchMembership reportsSee which users in a group or a folder of groups are not active. Add other attributes. Download reports. Schedule reports.
2.4 patchMembership approvalsAdd simple workflow (approval) for an OPTIN or UPDATE operation on a group

2.4 patch or 2.5

Register for notifications

Add ability for users to register to be notified of changes to specified objects. Note, there are rules to email users about changes to memberships

2.4 patch or 2.5Provision lifecycle eventsEvents (such as admission, enrollment, new hire, etc.) must trigger lifecycle stage transitions, role changes, affiliation changes, etc.  Those can then cause other events such as service eligibility.  Lifecycle changes or affiliations all precipitate a need for provisioning wherein roles are mapped to services / entitlements.
2.4 patch or 2.5Workflow state groupsThe solution must support high level workflows between states. Group memberships transitioning among workflow state groups
2.4 patch of 2.5Separation of dutiesThe solution must anticipate the possibility of conflicting roles in the case of multiple personae. Also allow overrides of separation of duties
2.4 patch or 2.5Conflicting rolesThe solutions must take into consideration that conflicting grants of authority, eg, one source indicating a grant of access and another a denial of access, must be resolvable according to the needs of each application or service context
2.4 patch or 2.5Handle multiple rolesThe solutions must enable individuals to have multiple roles/affiliations/relationships/whatever with the institution, each with its own lifecycle and overlapping set of access privileges needed to undertake each role. Statefulness (persistence and preservation of state) must permeate the design goals of all solution components in order to correctly and efficiently manage their access over the course of these multiple lifecycles
2.5Add database columnsAdd database columns for group expiry (membership expiry already exists), and membership notes (maybe an attribute instead). Anything else for point-in-time? "visible" flag for UI for groups
2.5? (started)Revise build environment and dependency retrieval

Revising code environment to get rid of dependencies and the hybrid builds (Maven and ant builds, hard to keep everything in sync)

Possible options:

  1. Ivy: keep existing ant scripts and use Ivy for dependency retrieval
  2. Maven: Remove ant build script and let maven drive both the build and dependency retrieval. (create various profiles for each env)
  3. Gradle: Remove ant/maven build scripts. Use groovy scripts to retrieve dependencies and drive the build

Need to figure out versions for each dependency.

2.5?Real time message based provisioningAllow messaging to take events to provision new netIds (pspng)
2.5Expire dates

Add expire dates to groups (other objects? attribute definitions? attribute names?) and expose privilege expire dates to WS/UI. GRP-1807: folder names limited to 255

GRP-849: add enable/disable dates on groups like memberships and permisisons

2.5PSPNG UI configuration wizardWizard to walk administrator through setting up a PSPNG configuration
2.5?Rules on individual membershipAn individual membership could have a rule that it is dependent on memberships in another group for example
2.6Improve pagination in WSReturn the total count. At least change the WS schema for 2.4
2.6Add remaining attribute/permission operations to WSAdd permission hierarchy services for roles, actions. Limits? Any other attribute permission services?
?Add dropbox endpoint to pspng
?Add unicon azure integration to grouperAdd the unicon azure integration to grouper.

https://github.com/Unicon/office365-and-azure-ad-grouper-provisioner

?Add O365 to pspngNeed technical requirements first, leverage the existing Unicon work
2.6?Add bulk operationsMake bulk operations faster, e.g. creating or deleting a list of groups, adding or removing a list of memberships
2.6?UI warn, restrict, or schedule large operationsIf adding a group to another group, maybe warn, restrict, notify user that the operation will take a while to provision. Or schedule this for later?
2.5Copy entitlements to another userCopy entitlements to another user. Optionally include start and end dates
2.6?Automatically clean various thingsIf a group is marked as a composite ad hoc list (and/or maybe includes / excludes), then if the membership is no longer relevant, then set an end date for some time in the future. Optionally notify. This applies to individual permissions as well. Automatically or manually clean up redundant privs (if assigned to group and individual). Automatically or manually clean up redundant memberships (group and individual)
?Add high level help or how tosFor admins or users etc
?
Direct/indirect should show on policy group
?
Security model - documentation and UI opportunities - wizard?
?
Can application owners see reference group?  via attributes
On-goingUpdate third party librariesUpdate third party libraries to the latest version
On-going
Update training videosGo through training videos and either keep, re-record, annotate, or delete. Identify new training videos to make
On-going
Refine next generation provisioningTake PSPNG and feedback from the field and add more features, refine it, improve it, etc

On-going

Grouper Core enhancement

Continue adding capabilities to meet requirements from the field.

On-going

Community contributions

Solicit and publicize community contributions of extensions and complements to Grouper.

Not yet assigned

More provisioning connectors

Add further connectors to reflect specified group, membership, role, and permission information into external systems and services. Include Google provisioning (from the Unicon contribution to the PSPNG)

Not yet assigned

Scaling REST webservice

A page in the Administration guide, Grouper always available web services and client, demonstrates one way to provide always available services using a specialized client.  The CIFER REST web service will need the server-side capability to provide that always-available functionality.  In addition the REST API should be able to access multiple, read-only caches so it can efficiently handle any increase in query requests, most of which will not need to directly access the primary database. PSPNG should be able to provision to a database table, and WS should be able to read from that table (or tables) for simple operations.

Not yet assignedImprove grouper startup timeGrouper takes a while to startup in webapp or gsh command line. Some ideas were nailgun for GSH, javassist byte code enhancement with gradle, profiling, making sure grouper starts in webapp before first request.

...