Child pages
  • Grouper Product Roadmap
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 308 Next »

Grouper Product Roadmap

This roadmap sketches substantial and signal functional enhancements to Grouper, and to align at least some of them with future releases. It is (always!) a work in progress, subject to the considerations and requirements of participants in the Grouper Working Group. It is also a proposition: it represents the default plan that the Grouper core developers will attempt to implement.
Items that have fallen off of the roadmap appear further below with some explanation as to why.

Release

Tentative date or time frame

SupportNotes

1.6

Released June 2010

None

2.0

Released September 2011

None

2.1

Released March 2012

None

2.2

Released July 2014

None

2.3

Released April 2016

None
2.4Released August 2018None
2.5Released April 2020

Security and important bug fixes only

Support planned to end when 2.7 is released in fall 2022


2.6Released September 2021

Enhancements, security and important bug fixes

Enhancements will end when 2.7 is released in fall 2022

Has both new provisioning and subject sources as well as old
2.7Estimated Q4 2022Not released

Will only have new provisioners and subject sources (data fields)

These will go away in 2.7

Subject source adapters:

  • JDBCSourceAdapter
  • JDBCSourceAdapter2

Non-provisioning-framework provisioners

  • googleapps-google-provisioner
  • grouperAtlassianConnector
  • grouper-aws-changelog
  • grouper-azure
  • grouper-box
  • grouper-duo
  • grouperKimConnector
  • grouper-pspng
  • grouper-remedy
  • grouper-remedyDigitalMarketplace
  • grouperScim
  • grouper-shib
  • grouper-tierApiAuthz
  • grouper-tier-scim

These will still be in Grouper going forward

Subject source adapters

  • SQL and LDAP adapters configured from UI wizard

All provisioning framework connectors
Custom change log consumers
Messaging connectors

  • grouper-messaging-activemq
  • grouper-messaging-aws
  • grouper-messaging-rabbitmq
3.0Estimated Q3 2023Not releasedWill redo how data is stored in the database in order to make things faster and use fewer resources

So while the Grouper developers are coding 3.0 (fall 2022 to fall 2023) and supporting 2.6 and 2.7, the community can work on reconfiguring and upgrading to the new provisioners and subject sources.


Release

Item

Description

2.6Streamline provisioning configurationMake it easier to configure before more people start using it (v2.6 change).  There would be an upgrade instruction to run a script to help you transition (including script configs).  e.g. CRUD and validation.  Change docs/tests. 
2.6Add OIDC UI authnOIDC UI
2.6Add Grouper data field systemManage user attributes and identifiers differently than the legacy subject source system
2.6Auto-migrate subject sourcesAutomatic conversion from legacy subject source config to wizard config (LDAP and SQL)
2.6Add remedy provisioners
2.6Remove jsonlibMigrate to jackson
2.6GSH loaderAllow a loader to be a GSH script to load groups and memberships (like SQL)
2.6Consolidate utils classes, make a translation utility on UIJEXL translations have different utils classes in scope.  These should be harmonized.  Make a translation utility on UI to test various things...  use GSH for this
2.6Grouper WS OpenAPIDocument the WS API with Swagger JSON.  WS will host a "dynamic" and customizable WS API page.  Explore client generation.  
2.6Add more JEXL scripted group featuresAdd natural language, real time updates, friendly reference group names, visualization, self-documentation, diagnostics, attribute resolver, secure editing, etc
2.6Implement centralized SQL batch sizesSee what the batch size is for each DB vendor and set a default which can be overridden.  Adjust hardcoded batch sizes with these defaults
2.6External system documentation in wizardFor each external system document the specifics in the wizard
2.7Normalize UUIDs, add idIndexesFor core objects which do not have idIndex, add.  Normalize UUIDs so they are lower case without dash.
2.7Upgrade librariesUpgrade java (17), jars, JS libraries etc
2.7Remove unneeded externalized textRemove admin and lite UI externalized text
2.7Single process containerOnly run Tomcat in container, not TomEE, Apache, ShibSP
2.7Unicon authnAdd Unicon authn in container which implements SAML in java (and other things, CAS, etc)
2.7Rewrite Grouper SCIM serverReplace the current J2EE SCIM server to only need tomcat
2.7Support JSON in grouper clientgrouper client currently does XML but should do JSON (by default with option to switch back)
2.7Migrate from group uuid to nameSee where group UUIDs are used (e.g. rules) and migrate to a new strategy.  e.g. use group name.  During renames, all the places where names are used need to be changed
2.7Remove pspng and legacy provisionersOnly new provisioning framework, change log consumers, ESB consumers (including messaging) available
2.7Remove legacy subject source configsOnly new subject source available
2.7Evaluate which upstream linux container should be usedLook at Rocky linux?  distroless?  Stay with current?
3.0Add bulk operationsMake bulk operations faster, e.g. creating or deleting a list of groups, adding or removing a list of memberships.  Add bulk hooks
3.0Redesign Grouper DDLReduce size, improve efficiency, move to single purpose tables/structure.  Simple integer foreign keys (sequence or auto increment).  Simple integer enums.  Compact core tables with external auxiliary tables.
3.0Performance diagnosticsAdministrative function to measure and diagnose the performance of a deployment
3.0Cache redesignAnalyze and improve how Grouper caches objects in and out of Hibernate.  Simply the subject API
3.0Rewrite Grouper wikiRemove old docs and make sure missing docs are added
3.1Revisit Grouper service registryIdentify services in grouper.  Make them easy to see, join, manage, document, attest, etc.
https://docs.google.com/document/d/1zV2kuAKOwoBFIf4GIpiQt6-NFsVkdbYdagDjGcJ7efQ/edit
3.1Re-write Grouper WSEither use SCIM or more targeted REST/JSON to streamline operations.  Proxy from old to new so legacy clients are supported.  New operations will not have SOAP or XML.  SOAP jars will no longer be in Grouper (proxy to another shim project)
?Selenium in UI to sanity test GrouperAdd selenium in UI so Grouper can be sanity tested on upgrade (or whenever)
?Rules UIAdd a rules UI
?Migrate Grouper gitFor consistency, reporting, licensing reasons, Internet2 would like the Grouper git repo to be in its enterprise account instead of public git
?Simplify UIMake UI task oriented and easy to use for various types of users
?Integrate connidmidpoint uses connid for provisioning.  This is a standard.  We would like Grouper to be able to load from and provision to connid connectors.  We would also like to migrate our (non-pspng) connectors (e.g. duo, box, etc) to connid (if not there already) and share with midpoint.
?Improve notificationssupport people, groups, and email lists.  Individual email addresses are problematic.  Add ability to batch emails.  Log emails (temporarily).  User can control preferences.  Notify configure on groups.
Grouper email notifications
?Curated groupsAdd features to support Duke presentation
https://meetings.internet2.edu/media/medialibrary/2019/12/05/20191211-mckee-paranoidiam_1.pdf
?Membership constraintsAllow memberships to be able to be constrained for certain reasons, when those conditions are met, enable the membership, else disable. And keep the existing enabled/disabled dates if applicable
?Installer in UI containerMove or allow parts of the "install container" to be in the UI container.  This should allow servlets to load without any config, and walk through the setting up of the database and other things
?GraphQL WS interfaceImplement graphQL on web services
?Custom Grouper typesAllow institution specific types to be added.  Get requirements from community.
?Daily report refactorRefactor the Grouper "daily" report.  make it a dashboard on UI.  Keep calculations in attributes if they arent already there with instrumentation.  See what features we can use from Michael Gettes dashboard.  See what features from Chad Redman email on April 9, 2019 with his daily report features
?Add group graphAdd group membership graph similar to "paranoid IAM" on group screen.  See trends in membership via PIT
?Changelog improvements

Allow change log consumers or message publishers to process messages before the single threaded "change log temp" processor completes.

Or, not that change log temp is quicker, allow change log consumers to keep track of which messages they have processed so messages can be processed out of order

?

Register for notifications

Add ability for users to register to be notified of changes to specified objects. Note, there are rules to email users about changes to memberships

?Provision lifecycle eventsEvents (such as admission, enrollment, new hire, etc.) must trigger lifecycle stage transitions, role changes, affiliation changes, etc.  Those can then cause other events such as service eligibility.  Lifecycle changes or affiliations all precipitate a need for provisioning wherein roles are mapped to services / entitlements.
?Workflow state groupsThe solution must support high level workflows between states. Group memberships transitioning among workflow state groups
?Separation of dutiesThe solution must anticipate the possibility of conflicting roles in the case of multiple personae. Also allow overrides of separation of duties
?Conflicting rolesThe solutions must take into consideration that conflicting grants of authority, eg, one source indicating a grant of access and another a denial of access, must be resolvable according to the needs of each application or service context
?Handle multiple rolesThe solutions must enable individuals to have multiple roles/affiliations/relationships/whatever with the institution, each with its own lifecycle and overlapping set of access privileges needed to undertake each role. Statefulness (persistence and preservation of state) must permeate the design goals of all solution components in order to correctly and efficiently manage their access over the course of these multiple lifecycles
?Min group membership size

In loader jobs and just on groups have min group sizes
https://todos.internet2.edu/browse/GRP-2388

?Rules on individual membershipAn individual membership could have a rule that it is dependent on memberships in another group for example
?Add remaining attribute/permission operations to WSAdd permission hierarchy services for roles, actions. Limits? Any other attribute permission services?
?Add dropbox endpoint to provisioning
?UI warn, restrict, or schedule large operationsIf adding a group to another group, maybe warn, restrict, notify user that the operation will take a while to provision. Or schedule this for later?
?Copy entitlements to another userCopy entitlements to another user. Optionally include start and end dates
?Automatically clean various thingsIf a group is marked as a composite ad hoc list (and/or maybe includes / excludes), then if the membership is no longer relevant, then set an end date for some time in the future. Optionally notify. This applies to individual permissions as well. Automatically or manually clean up redundant privs (if assigned to group and individual). Automatically or manually clean up redundant memberships (group and individual)
?Add high level help or how tosFor admins or users etc
?
Direct/indirect should show on policy group
?
Security model - documentation and UI opportunities - wizard?
?
Can application owners see reference group?  via attributes
On-goingUpdate third party librariesUpdate third party libraries to the latest version
On-going
Update training videosGo through training videos and either keep, re-record, annotate, or delete. Identify new training videos to make

On-going

Grouper Core enhancement

Continue adding capabilities to meet requirements from the field.

On-going

Community contributions

Solicit and publicize community contributions of extensions and complements to Grouper.

Not yet assigned

More provisioning connectors

Add further connectors to reflect specified group, membership, role, and permission information into external systems and services. Include Google provisioning (from the Unicon contribution to the PSPNG)

Not yet assigned

Scaling REST webservice

A page in the Administration guide, Grouper always available web services and client, demonstrates one way to provide always available services using a specialized client.  The CIFER REST web service will need the server-side capability to provide that always-available functionality.  In addition the REST API should be able to access multiple, read-only caches so it can efficiently handle any increase in query requests, most of which will not need to directly access the primary database. PSPNG should be able to provision to a database table, and WS should be able to read from that table (or tables) for simple operations.

Not yet assignedImprove grouper startup timeGrouper takes a while to startup in webapp or gsh command line. Some ideas were nailgun for GSH, javassist byte code enhancement with gradle, profiling, making sure grouper starts in webapp before first request.

Whatever happened to ... ?

A brief explanation of why some things seem to have disappeared from earlier versions of this roadmap.

What Happened?

Item

Description

2.6 (DONE)Add provisioning loaders for non generic provisionersAdd loader for provisioners (not SQL or LDAP) like Duo or Zoom
2.6 (DONE)Group attributes on edit screenHave some configured group attributes on the group edit screen
2.6 (DONE)Add provisioning config scaffoldingAdd scaffolding for provisioning configs to generate a starting point
2.6 (DONE)Add OSGI to GrouperAdd strategy to have plugins on their own classpath
2.6 (DONE)Entity global attribute resolverDefine a SQL or LDAP generic entity resolver which can be used in Grouper features like ABAC or provisioning
2.6 (DONE)ABAC JEXL scripted groupsJEXL based access policies based on memberships or attributes
2.6 (DONE)Improve folder security performanceMight need an extra table to hold part of the folder security decision
2.6 (DONE)Finalize LDAP provisioner
2.6 (DONE)Add Google provisioner
2.6 (DONE)Finish provisioning diagnostics
2.6 (DONE)Finalize Azure provisoiner
2.6 (DONE)Add SQL provisioner
2.6 (DONE)Add box provisioner
2.6 (DONE)Add Duo role provisionerAdmin roles
2.6 (DONE)Add WS authn optionsTrusted JWT WS, self-service JWT WS, OIDC WS
2.5 (DONE)Add database columnsAdd database columns for group expiry (membership expiry already exists), and membership notes (maybe an attribute instead). Anything else for point-in-time? "visible" flag for UI for groups.  password table for revamped WS authn.  Service account subject source table?  provisioning status.  provisioning group status?  log table?  email batching? config PIT table
2.5 (DONE)Revise build environment and dependency retrieval

Revising code environment to get rid of dependencies and the hybrid builds (Maven and ant builds, hard to keep everything in sync)

Possible options:

  1. Ivy: keep existing ant scripts and use Ivy for dependency retrieval
  2. Maven: Remove ant build script and let maven drive both the build and dependency retrieval. (create various profiles for each env)
  3. Gradle: Remove ant/maven build scripts. Use groovy scripts to retrieve dependencies and drive the build

Need to figure out versions for each dependency.

2.5 (DONE)Real time message based provisioningAllow messaging to take events to provision new netIds (pspng)
2.5 (DONE)Add unicon azure integration to grouperAdd the unicon azure integration to grouper.

https://github.com/Unicon/office365-and-azure-ad-grouper-provisioner

2.5 (DONE)GSH templatesLook at how the community uses GSH and move those needs into the UI
2.5 (DONE)Subject source adapter configuration wizardHave grouper subject source adaptor configuration in the UI like the loader config. Explore including Midpoint and Comanage if useful
2.5 (DONE)
LDAP provisioning Improve PSPNG so it is more performant and accurate.   
2.5 (DONE)Provisioning in UIAdd UI elements to troubleshoot and monitor provisioning.
2.5 (DONE)Daemon configurationUI elements to add/edit/remove Grouper daemons including configuration specific to each type of daemon
2.5 (DONE)External systems wizardsWizards to guide administrators through configuring, managing, testing external systems.  External systems and things Grouper connects to and generally have endpoints, credentials, and settings.
2.5 (DONE)Provisioning configuration wizardUI screens to configure a provisioner and assign provisioning to folders and groups
2.5 (DONE)Provisioning controls on grouper objectsScreens on folders, groups, memberships, and subject to view, troubleshoot, and fix provisioning.  Reports of activity, errors, etc.
2.5 (DONE)Gantt chart for jobsSee when jobs have executed, job overlap, how long jobs take, success or error
2.5 (DONE)Update WS/UI authnBasic authn in database.  Passwordless WS authn in future
2.5 (DONE)Grouper installer installs containerGrouper installer wizard walks through running Grouper in container
2.5 (DONE)Container redesignOne servlet container, easier mounts, one directory structure, fewer processes, maven build, patchless
2.4 patch (DONE)attributes on membershipsallow direct and indirect attributes on memberships in UI
2.5 (DONE)Require containerGrouper requires a container to run.  No tarballs will be distributed.  The grouper installer will install the container easily
2.5 (DONE)Expire dates on groups

GRP-849: add enable/disable dates on groups like memberships and permisisons

2.4 patch (DONE)Custom join/leave/analyze UISimple custom join/leave UI, also analyze access
2.5 (DONE)Improve pagination in WSCursor based paging
2.5 (DONE)Add some web services

Add GRP-2153: Add audit log functions to the Web Service

Add point in time options for WS get members, get groups, group save, get memberships

2.4 patch (DONE)Screens to show attribute assignments from attribute def (name)

GRP-2302: create screen to show attribute assignments from an attribute def

GRP-2303: create screen to show attribute assignments from an attribute def name

2.4 patch (DONE)Allow configuration to be stored in databaseAllow configuration to be stored in the database so common configuration is shared among all JVMs. Of course some configuration wouldnt be eligible for this (e.g. database connection information, passwords, etc)
2.4 patch (DONE)TemplatesTemplates can create multiple folders / groups / privileges / etc at once based on a wizard UI. Built in template for a service/application, and TIER Grouper Deployment Guide structure
2.4 patch (DONE)Real time message based loading LDAP by personAllow messaging to take events to update a user in loader jobs (ldap)
2.4 patch (DONE)Disable loader jobsAdd ability to disable loader jobs
2.4 patch (DONE)Provisioning in UIManage and which folders and groups get provisioned in the UI
2.4 patch (DONE)Improve performanceLook at recent Grouper performance issues and make improvements
2.4 patch (DONE)Tag Grouper TypesAdd ability to tag Reference / Basis / Authorization groups. Show this information to describe access policy
2.4 patch (DONE)Visualizing GrouperAllow the ability to show a visual graph representation of group, privilege, and permission relationships
2.4 patch (DONE)Membership reportsSee which users in a group or a folder of groups are not active. Add other attributes. Download reports. Schedule reports.
2.4 patch (DONE)Membership approvalsAdd simple workflow (approval) for an OPTIN or UPDATE operation on a group
2.4 patch (DONE)Show disabled membershipsShow disabled memberships and privileges on demand and allow the user to configure enabled/disabled dates in more flexible way
2.4 patch (DONE)USDU expiration datesAllow USDU to clean up unresolvable subjects that have been unresolvable for X days
Completed in 2.3Provision to BMC RemedyProvision memberships into remedy and digital marketplace
Completed in 2.3 patchDeprovisioningUser interface to manage deprovisioning of subjects https://spaces.at.internet2.edu/x/ZQlhBg

Completed in 2.4

Finish the new UI, replace admin and lite UI

Add features into the new Grouper 2.2 UI so that everything from the admin UI and the lite UI can be performed in the new UI.  Remove the admin and lite UIs (redirect outdated links).  Add user based auditing and overall auditing.  Add new features like the ability to easily configure "rules" in the UI

Completed in 2.3
Require Java8, Tomcat8Standardize and require java8
Completed in 2.3
Add new messaging strategiesAdd new messaging strategies in the Grouper Messaging system for ActiveMQ, AMQP (e.g. RabbitMQ), AWS
Completed in 2.3
AttestationGroups and folders can be marked to require periodic membership review. Reminders will be emailed to group owners
Completed in 2.3
TIER API in installerThe TIER API Tomee service is installed with the grouper installer
Completed in 2.3
Grouper loader in UIUser interface to show loader configuration, diagnostics, logs, wizard editor
Completed in 2.3
Subject source diagnostics in UIUser interface to analyze, diagnose, and recommend improvements for subject source configuration
Completed in 2.3
Harmonize configurationConvert sources.xml and ehcache.xml to be cascaded properties files
Completed in 2.3
Grouper loader real time updatesAllow a change log table (SQL triggers) or messages to trigger loader updates for a partial population or single user
Completed in 2.3
Grouper instrumentation

Improve and standardize Grouper logging to provide centralized metrics at an institution and the ability to upload stats to a central Internet2 server

  • Around Dec 2016, make the patch default to on
  • Add features: Number of loader jobs, Hourly stats of number of users (UI/WS) [rate information not just count], Collect configuration (non sensitive), Performance (e.g. threadcount of loader jobs, heap size), Operations per time period for pspng / ldap server, how many messages, Subject source type

  • UI so administrators can see local stats
Completed in 2.3
TIER packaging for 2.4In the TIER packaging for Grouper, create Grouper docker container, integrate Grouper with Shibboleth, configure PSPNG, configure user registration with COmanage
Completed in 2.3
UI accessibilityIncorporate recommendations from Colorado UI accessibility review

Completed in 2.3

Improve GSH

Improve gsh by adding readline like capabilities (line editing, tab completions, history, etc).  Use groovysh instead of beanshell.

Completed in 2.3
Inbound messages

Allow Grouper to read a message queue and act on messages (e.g. membership changes etc)

Completed in 2.3Update third party dependenciesUpdate third party dependncies and have strategy to easily do this on each release. Document which libraries are used and licenses.
Completed in 2.3upgrade vt-ldapto ldaptive (PSPNG to use ldaptive). Use adaptor

Completed in 2.2

Unix GID management

Built-in support for managing unix GIDs by assigning a numeric ID to each group and folder.

Completed in 2.2

Legacy attribute migration

Migrate from legacy attributes to the new attribute framework in a transparent way.  The old API and WS and UI should still work correctly.  Plan to migrate lists and hooks as well.

Completed in 2.2

COmanage integration

Work cooperatively with the COmanage project to integrate Grouper within COmanage.  Integer group ID's, WS operation tweaks

Completed in 2.2

Subject security realms

Differently users might have different privacy requirements for the Subject API. Security by realm is implemented in the JDBC2 source adapter. Callers pass in which "realm" the search should take place in, and the source can adjust how the search takes place, what attributes look like, etc.

Completed in 2.2

Grouper user data

Store information about a user in grouper in a generic way.  e.g. recently used objects.  favorites, etc.

Completed in 2.1

GrouperWS high availability

In-built load-balancing to enable highly available read-only access to the Groups Registry via web services.

Completed in 1.6-2.1

PSP, formerly Ldappc NG

Complete work on the new provisioning connector, built from the Shibboleth Attribute Resolver and SPML components. Integrate with Grouper notifications for asynchronous, incremental updating in addition to periodic batch style updating. Includes specific support for Active Directory. Package a Shibboleth DataConnector for Grouper.

Real-time and incremental provisioning will be added in v2.1.

Consider adding an SPML input to grouper capability.

Completed in 2.1

Dynamic group membership

Dynamically maintain groups and memberships based on LDAP-resident attributes.

Completed in 2.0

Point in Time Audit

Query the state of the groups registry at a prior point in time.

Completed in 2.0

Rules

Declarative triggers that perform changes to the Grouper Registry.

Completed in 2.0

Federated group membership and privileges

Built-in support for memberships and Grouper privileges to be assigned to federated identities.

Completed in 2.0

Federated group management

Enable groups from autonomous Grouper instances to be referenced by and incorporated into another Grouper instance.

Completed in 2.0

PDP

The Grouper permissions web service takes into account allow/disallow and limits to give the decision of access back to the requestor

Completed in 2.0

Lite UI enhancement

Support easier to use end-user UI components in addition to the existing administrative UI. Initial component, for managing membership of a single group, is in v1.5.

In v2.0, add simple management of attributes, roles, and permissions.

Completed in 2.0

Integrate with VOOT

Integrate Grouper with VOOT (group protocol for cloud webapps), experimental...

Completed in 1.6-2.1+

Notification of changes

In v1.6, build on the initial implementation of incremental group, membership, and folder (or namespace) change notifications in v1.5 to provide notification based on flattened group membership to more efficiently enable relying parties to maintain membership lists. Also in v1.6, partner with a deployment using an asynchronous messaging infrastructure (perhaps an ESB) to drive enhancement of the toolkit for that style of data integration.

For v2.0, add flattened membership notification.
Somewhere along the line, add ability for users to register to be notified of changes to specified objects.

Completed in v1.6

Attribute framework

Complement the existing ad hoc attribute on groups with the ability to define and associate attributes of various types to groups, memberships, and folders. Initial release was in v1.5, comprising marker attributes. Additional attribute types in v1.6. Expose attribute framework suitably through web services interfaces in v1.6.

Completed in v1.6

Kuali Identity Management integration

A connector that enables Kuali Rice to delegate group management to Grouper.

Completed in v 1.6

Subject Web Service

Expose Subject API methods suitably via Grouper Web Services so that clients don't have to build their own way to reference Subjects.

Completed in v 1.6

External workflow integration

Integrate Grouper with Kuali Enterprise Workflow (v1.6), and maybe other implementations.

Completed in v1.5

Namespace Transition Support

The hierarchy of folders (or naming stems) in a deployment will change over time. This supports the ability to logically move or copy a group, a selection of groups, or a folder from one folder to another. This complements the capability of the XML Import/Export tool for prune & graft operations for large scale changes.

Completed in v1.5

User Audit

Report on who took which administrative action when.

Completed in v1.4

Extension hooks

Implement infrastructure within the Grouper API to enable independent extension of key internal events. Pre- and post-processing hooks will be provided for each "primitive API operation". This would make certain other tasks more feasible, notably "Notification of changes" in this roadmap and incorporation of a site's business rules.

Completed in v1.4

Enhance Web Services

Solidify the experimental Web Services support released in 1.3.0 based on field experience.

The issue has been resolved with improved Grouper configuration and the cessation of the Signet project.

Configuration and binding framework for I2MI

Identify and implement a framework in which combinations of I2MI components (currently Grouper API, Grouper UI, Grouper Web Services, Signet API, Signet UI, Ldappc, and Subject source adapters) can be easily integrated (not just in a single JVM). This is largely an issue of managing configuration and 3rd party libraries. The Spring application framework is an example of what might be used to address this need.

This was overtaken by the  "Enhance Web Services" item  in the roadmap.

Web service interface facades

Determine which subsets of native API capabilities should be exposed through more focused end points to facilitate access by applications to Grouper- and Signet-provided access management capabilities. Also investigate how facades may be used to manage access to underlying group and privilege management and query capabilities.

Not yet assigned

Further KIM-Grouper integration

Refine the Kuali KIM services interfaces and extend existing integration beyond group-level into roles & permissions.

Not yet assigned

Further uPortal-Grouper integration

Complete Phase II deliverables. Time frame for Phase III deliverables still to be determined in concert with uPortal team.

Not yet assigned

Security plugins

Spring security, Shiro, .NET plugins for Grouper WS that might be able to be distributed with the plugin itself.  Initial proof-of-concept code available: https://spaces.at.internet2.edu/display/Grouper/Unicon+Grouper+Contributions.


 

  • No labels