Skip to Content.
Sympa Menu

grouper-dev - I2MM Signet/Grouper Bof, Monday, 24-Apr 10:30am

Subject: Grouper Developers Forum

List archive

I2MM Signet/Grouper Bof, Monday, 24-Apr 10:30am


Chronological Thread 
  • From: "Jessica Bibbee" <>
  • To: Signet <>,
  • Subject: I2MM Signet/Grouper Bof, Monday, 24-Apr 10:30am
  • Date: Thu, 4 May 2006 13:03:57 -0400
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:mime-version:content-type:x-google-sender-auth; b=S2BEXQqt+P7AwxrrGhaHbKkshC3yQFBI35pbrF0ucUEAKeTend+KOqeaczAuDr3q/4CGej0eGnd7nYU4NjiCu6sX9BIU/qq5wxr929jR6Awmrg6YyorxdKzG5HG6m/fCimCaePHf1AcgDxRJKQYFGkbVf/ckAv9MI451NAY2vtI=

Signet/Grouper BoF
Spring Internet2 Member Meeting
Monday, 24-Apr-06, 10:30am – Arlington, VA

*Attendees*
Tom Barton, U. Chicago (chair)
Lynn McRae, Stanford U. (chair)
Von Welch, NCSA
Denis Hancock, U. Missouri
Gordon Springer, U. Missouri
Mike Grady, UIUC
Gretta Armstrong, Penn State U.
Mark Miller, Penn State U.
Craig Anthony, Penn State U.
Dan Coughlin, Penn State U.
John Kalbach, Penn State U.
Tom Scavo, NCSA
Jiri Borik, U. West Bohemia
Christopher Witzig, SWITCH
Thomas Lenggenhager, SWITCH
Heather Flanagan, Duke U.
Michael Gettes, Duke U.
Blair Christensen, U. Chicago
Will Norris, USC
Chad LaJoie, Georgetown/Internet2
Nadim El-Khoury, Georgetown U.
Xiaohui Cai, Georgetown U.
Gary Chapman, NGU
Joy Veronneau, Cornell U.
David Wasley
Robert Banz, UMBC
Dale Ghent, UMBI
David Bantz, U. Alaska
Cal Racey, Newcastle U.
John Paschoud, LSE
Morritz Theile, MAMS/Macquarie U/.
Neil Witheridge, Macquarie U.
Steven Wallace, Indiana U.
Jeff Letourneau, U. Maine
IJ Kim, Internet2
Mike LaHaye, Internet2
Steve Olshanskey, Internet2
Nate Klingenstein, Internet2
Iman Muttardy, Internet2
Jessica Bibbee, Internet2 (scribe)

*Discussion*
The slide presentation will be available from the program website: <http://events.internet2.edu/2006/spring-mm/sessionDetails.cfm?session=2642&event=242>

The Group discussed the Signet v1.0 release in February, and the nearing release of Grouper v1.0, which should be available by the end of May.

{Lynn} gave an update on the software and discussed upcoming features, which include:
    * Finish conditions/prerequisites (subject-attribute-based-rules)
    * User notifications
    * Groups interactions (show memberships, individual privileges based on memberships)
    * Assignment XML/Loader

The Signet distribution provides the JDBC and JNDI source adapters to move data into the products, via an XML document. Grouper will soon offer a JDBC rev, similar to the JNDI source adapter. Community contributions would benefit other users that want to preview loaders and provisioning connectors before trying it out.

Grouper v1.0 features will be visible in both the UI and API. Aging, rules-based memberships, and change-based provisioning will be available in Grouper v1.1.

{Tom} gave a brief review of the Signet/Grouper Early Adopters Deployment workshop at USC, and identified several areas of interest:

* getSubject[ByIdentifier](term, type)
* subject equality
* # types per source adapter >=1
* Distinction between/need for "group" provider & "memberships" provider
* Punt on passing queriers id to back=end

A subject adapter will allow multiple sources; both Signet and Grouper will incorporate a source adapter. Documentation will identify how to use specific sources for importing other data, whether a person or an application.

Several attendees said they are looking at using the Subject API for Signet/Grouper deployment.  How will the Subject API bring in other functionality of Signet? Grouper will manage its subjects, but will not know they are groups through the Subject API alone; a conversion would be needed.

{Lynn} talked about rules – generic use cases, requirements, and common engine. The simplest rule is the assertion of an attribute and value that must be found in subject interface, which remains true, - when Signet evaluates assignment, if it goes false, it can be turned off – this is Signet lifecycle management. Grouper has a similar condition, where an attribute remains true 'as long as XYZ.' For example, a privilege may have an effective start and end date – this exceeds the simple model, and is worthy of further discussion.

The Group discussed what needs to be done to enhance simple aging, perhaps by leveraging the structure. There are still some challenges for knowing who was managing the memberships at a distant point in the past.  It would also be helpful to know if a membership was created by the add or optin method; this may influence whether a person should have the option to optout. Are there sufficient use cases that suggest Signet is a tool for auditing requirements?

An alert mechanism was suggested for logging, as a means of notification when a change has taken place – who made the change, and when. More important than knowing what the membership is, but who has gained or lost privileges as part of that group. In Signet, a snapshot is available at any time, for the purposes of seeing if person X in group Y.

The Signet Working Group conference call on Friday, April 28 has been cancelled. The next Signet WG call will be held on Friday, May 12, 2006 at 11am EDT.



  • I2MM Signet/Grouper Bof, Monday, 24-Apr 10:30am, Jessica Bibbee, 05/04/2006

Archive powered by MHonArc 2.6.16.

Top of Page