Minutes: Grouper Working Group Face-to-Face at 2012 Spring Member Meeting
Tom Barton, University of Chicago (Working Group Chair)
Chris Hyzer, University of Pennsylvania
Shilen Patel, Duke
Tom Zeller, Unicon
- Grouper 2.1 in Brief
- Grouper roadmap
- Grouper UI planning
Topics suggested by the attendees:
- Grouper and SCIM (Simple Cloud Identity Management)
- Provisioning - the PSU experience, and a few questions
** DISCUSSION ***
Grouper Training Videos Being Produced
- To address yjr need for Grouper training, a Grouper training team is producing training videos.
- View the videos produced so far: https://spaces.at.internet2.edu/display/Grouper/Grouper+Training
- Please send your feedback to: GrouperTraining@internet2.edu
Unicon is Supporting Grouper
Pleased to announce that Unicon is supporting Grouper.
- IT services for education, specializing in open source.
- Cooperative Support Program for Grouper, Shibboleth, CAS, uPortal, uMobile, Sakai!
- Annual subscription, 4 levels, provides access to and funds dedicated support team who work directly with the open source projects
Summary of What's New in Grouper 2.1
- Grouper Failover Client
- library for you to use
- optional discovery over HTTPS
- requires multiple endpoints
- Subject filter and attribute decorator
- Grouper installer
- replaces the Quickstart
- requires Java 6 and provides an easy install
- Local entities
- modeled as a type of group that can't have members
- to be used for system ID's, schemas, Kerberos principals
- More web service operations
- to support attributes and permissions
- Loader can sync from LDAP to Grouper
- LDAP filter returns:
- simple -- LDAP filter returns a list of member ID's
- list of groups with attributes of members
- list of groups by member attribute
- PSP (Provisioning Service Provider)
- Misc. other features new in Grouper 2.1
-Upgrade of Hibernate to 3.4.7
- Consolidated 2 LDAP sources, uses VT-LDAP
- simplified caching
- JSONP support for Grouper-WS
- Group source adapter efficiency: one query
- Can encrypt passwords in more places
- Can customize how lite UI displays subjects
- Provisioning Service Provider (PSP)
- based on SPML v2
- PSP replaces LDAPPC-NG
Q: What about PSP and writing to SCIM (Simple Cloud Identity Management)?
A: This is possible in the future. The more choices the better.
It was noted that it is not yet certain whether Google and Microsoft will support SCIM
Q: Penn State is testing PSP and bulk sync.
There are issues with large groups and performance.
A: The performance issues with a memory hog in bulk sync code will be addressed in the PSP code.
Plans for Grouper 2.2 and future releases include:
- New Grouper UI (discussed below)
- Service tags in Grouper
- attributes that serve as identifiers for all objects related to a particular application
- Improved Grouper Configuration
- to make Grouper more easily deployable across environments
- Legacy Attribute Migration
- More Web Service Operations
- Register for Notificaitons
- ability for users to register to be notified of changes to specified objects
- Unix GID management
- COmanage integration
- Further uPortal-Grouper Integration
- Further KIM-Grouper Integration
Tom Barton invites the community to add items to the roadmap on the wiki.
Grouper UI Redesign Planning
The Grouper team wants your input on the Grouper UI Redesign.
Please add your requests for the new Grouper UI to this table:https://spaces.at.internet2.edu/display/Grouper/Grouper+UI+redesign+v2.2#GrouperUIredesignv2.2-community
- April 1 - May 31 -Gather community UI requirements and requests in table
- June 1-15 -Finalize acceptance status of each request by grouper-dev and assign each to a priority class
See wiki for more process and timeline info:
- SURFnet has developed a SURFteams GUI for SURFconext as seen at:
- SURFteams is a Grouper instance with a SURFnet-developed GUI
- used for many collaborations
- allows people to request access to group
- email invitations are used
- self-service log in with a federated identity to get added to a group
- groups are used for many purposes, for example, to log into the SURFnet video system
- SURFconext is also working with VOOT on getting more external group information
- request for mobile friendly UI
- when viewing details of a group, it would be good to see when changes to a batched, provisioned group will be provisioned to a downstream system or updated from an external source, (to answer question "when will this be live?)
- request for easy cloning of an existing group
- COmanage is also working on GUI and would like to take advantage of any experts that are brought in to consult
Q: What about an embeddable UI?
A: ChrisH: Currently, there is a popup that can be embedded.
A prototype UI from University of Washington was shared.
The way navigation/tabs are handled on this UI is convenient.
Request: Please add links on the table to UIs that have desirable features:
Also from 2012 Spring Member Meeting:
- Slides from the "Access Management and Grouper" session on Wednesday, 25-April-2012
Grouper website: http://www.internet2.edu/grouper/
Grouper wiki: https://spaces.at.internet2.edu/display/Grouper/Grouper+Wiki+Home
Grouper 2.1: http://www.internet2.edu/grouper/software.html
Please share your Grouper story and documents on the Grouper Community Contributions page at: https://spaces.at.internet2.edu/display/Grouper/Community+Contributions