Release

Item

Description

2.3

TIER packaging

Discuss with TIER and decide on standard TIER packaging for quick start (VM vs Docker vs Installer). Link to TIER Packaging Working Group.

2.3

Revise build environment and dependency retrieval

Revise the code environment to get rid of dependencies and the hybrid builds (both Maven and Ant builds, which are hard to keep in sync).

Possible options:

  1. Ivy: keep the existing Ant scripts and use Ivy for dependency retrieval.
  2. Maven: remove the Ant build script and let Maven drive both the build and dependency retrieval (create various profiles for each env).
  3. Gradle: remove the Ant/Maven build scripts and use Groovy scripts to retrieve dependencies and drive the build.

Need to figure out versions for each dependency.

2.3 (tentative)

Upgrade vt-ldap to ldaptive (PSPNG to use ldaptive)

2.3 (done)

Improve folder privileges

Change folder privileges so that instead of the STEM privilege, there is an ADMIN privilege on folders.  The ADMIN privilege would mean you have all rights to the folder: you can rename it, delete it, change privileges, and effectively exercise every other privilege.  The CREATE privilege would be changed to also include creating folders (in addition to groups and attributes).  STEM_ATTR_READ and STEM_ATTR_UPDATE would remain the same.  Note: so that the name doesn't conflict with the group ADMIN privilege, the stem privilege will be called STEM_ADMIN.

2.3 (in progress)

Improve loader

  • Unresolvables
    • The grouperLoaderLdapErrorUnresolvable option doesn't seem to have any effect. Remove it.
    • Add option in the loader properties (i.e. globally for all loader jobs) to specify how to deal with unresolvable subjects. If for a given loader job, there are more than a specified number of unresolvable subjects, the result should be SUBJECT_PROBLEMS. If less, SUCCESS.
    • If running the loader via GSH, print out the unresolvable subjects. Make sure it's also being logged to the file.
  • Add the ability for the loader to run on multiple nodes, so it has better availability, by adding tables for Quartz
  • Look at loader.thread.pool.size, is it used? Can it be added to quartz config? Should it be removed from the config file if not?
  • Allow changes to loader configs to be read without having to bounce the loader. 
2.3 (in progress)

Add more features to new UI

Add features into the new Grouper 2.2 UI so that more things from the admin UI and the lite UI can be performed in the new UI.

2.3 (in progress)

Add remaining attribute/permission operations to WS

Add ability to manage attribute and permission definitions 100% via the WS.  Currently many things can be done via the WS but not all.  Currently the gaps can be addressed via the UI/API.

2.3

Standard authorization API

Define and implement a standard WS API.  This is a CIFER/TIER effort and might be based on SCIM or OAuth2 and might be read-only for 2.3.  This would be a web service and might also include messaging.

2.3 (in progress)

Successor to the PSP first pass. Include AD and LDAP connectors

Replacement of the PSP for LDAP/AD

2.3's PSP will deliver provisioning of three different flavors of LDAP targets:

1) Group memberships reflected in LDAP attributes (e.g., an entitlement attribute)

2) Group memberships reflected in LDAP groups (groupOfUniqueNames or Active Directory groups): the group contains an attribute (e.g., uniqueMember or member) with the DNs of the LDAP objects corresponding to member Subjects

3) Group memberships reflected in another group schema (e.g., posixGroup): the group contains an attribute (e.g., uidMember) that has values taken directly from Subjects or from an attribute of an LDAP object that is found by searching with Subject attributes

2.3's PSP will deliver much higher provisioning performance.

Not yet assigned

Improve GSH

Improve GSH by adding readline-like capabilities (line editing, tab completion, history, etc.).  Explore incorporating Jline2 into the current beanshell approach or possibly adopting groovysh as the base.

2.3 (in progress)

Provisioning by message

Use a message bus to notify interested parties, including traditional provisioning agents, of group changes. TBD: supported message transports, format of messages, content of messages.  Possible transports include AWS, Azure, ActiveMQ. 

2.4

Finish the new UI, replace admin and lite UI

Add features into the new Grouper 2.2 UI so that everything from the admin UI and the lite UI can be performed in the new UI.  Remove the admin and lite UIs (redirect outdated links).  Add user-based auditing and overall auditing.  Add new features like the ability to easily configure "rules" in the UI.

On-going

Grouper Core enhancement

Continue adding capabilities to meet requirements from the field.

On-going

Community contributions

Solicit and publicize community contributions of extensions and complements to Grouper.

Not yet assigned

Register for notifications

Add the ability for users to register to be notified of changes to specified objects. Note: there are rules to email users about changes to memberships.

2.4

More provisioning connectors

Add further connectors to reflect specified group, membership, role, and permission information into external systems and services. Include Google provisioning (from the Unicon contribution to the PSPNG)

2.4 (tentative)

Scaling REST webservice

A page in the Administration guide, Grouper always available web services and client, demonstrates one way to provide always available services using a specialized client.  The CIFER REST web service will need the server-side capability to provide that always-available functionality.  In addition the REST API should be able to access multiple, read-only caches so it can efficiently handle any increase in query requests, most of which will not need to directly access the primary database. PSPNG should be able to provision to a database table, and WS should be able to read from that table (or tables) for simple operations.

Not assigned yet

Loader real time changes

Allow the loader to have event-based processing, e.g. via messaging or a change log table.

LDAP might need messaging. SQL would need triggers and a change log table.
