Subject: Grouper Developers Forum
Draft Minutes: Grouper Face-to-Face Meeting at SMM 27-Apr-09
- From: Emily Eisbruch <>
- To: Grouper Dev <>
- Subject: Draft Minutes: Grouper Face-to-Face Meeting at SMM 27-Apr-09
- Date: Wed, 6 May 2009 14:59:09 -0400
Grouper Working Group
Internet2 2009 Spring Member Meeting
in Arlington, VA
April 27, 2009
Tom Barton, U. Chicago (Chair)
RL "Bob" Morgan, U. Washington
Tom Dopirak, CMU
Roland Hedberg, SUNET
Nicole Harris, JISC
Thomas Lenggenhager, Switch
Shilen Patel, Duke
Niels Van Dyk, SURFnet
Debbie Bucci, NIH
Renee Shuey, PSU
Michael P. Pelikan, PSU
Ken Forstmeier, PSU
Randy Hegarty, PSU
Tom Golson, Texas A & M University
Mike Grady, U. Illinois
Sandeep Sathyaprasad, NIH
David Chadwick, University of Kent
Mark Scheible, NCSU
Juhani Gurney, NORDUnet
Liela Florio, Terena
Stefan Karapetrov, Polycom
Etan Weintraub, Johns Hopkins
Milan Sova, ESNET
Adam Stone, Lawrence Berkeley National Laboratory
Nate Klingenstein, Internet2
Ann West, EDUCAUSE/Internet2
Emily Eisbruch, Internet2 (scribe)
*Enhancements for Grouper v1.5*
(reminder: current version is Grouper 1.4.1)
- Namespace transition support, i.e. move and copy
- Audit and notification: phase I (user auditing)
- ldappc enhancements
- Enhancement performance of indirect membership
- Attribute framework (see discussion below)
*Enhancement to Grouper after v 1.5.0*
- Completion of audit and notification (point-in-time auditing, to answer questions like: “how did this membership get set on this group?”)
- Access management interfaces and tools − after attribute framework is implemented. The access management might be inside or outside of Grouper.
*Comments on Roadmap*
Grouper 1.5 will have substantial corrections in handling indirect memberships and their ramifications.
Q: What about tracking group management transactions and providing them for a listener to act on them? If there is a change at the bottom of a hierarchy, it’s important to reflect that change in all groups impacted. Will this be addressed in Grouper 1.5?
TomB: these issues are in Phase II of Audit and Notification, which will happen after Grouper 1.5.
For indirect consequences/ramifications of a membership change, all indirect effects will be computed up front. Composite memberships present a particular challenge. The Grouper dev team is going to solve issues related to composite memberships in a discussion later during the Spring Member Meeting.
*Attribute Framework Discussion*
Currently Grouper allows attributes on groups, which is useful. But the attributes are ad hoc and only work on groups.
1) a wider set of attribute types
2) ability to attach attributes not just to groups but also to stems and memberships.
Grouper attributes could be used as one approach to access management. An example would be to use attributes on a membership to define parameters for someone who can spend money in the financial system.
One of the issues with the approach of Signet was that it was apparently too a huge step, whereas Grouper attributes represent a more incremental approach.
*GUI Interfaces for Grouper*
Are sites starting to experiment with GUI interfaces for Grouper?
- Brown has Faculty Gateway, with 15 different applications to support a course. There is work underway to add a window that would give a view onto Grouper
- David Chadwick, University of Kent, commented that they have created a self- service GUI.
- U. Washington has a non-Grouper based system. They are about to make transition to Grouper and their plan is to add a light weight UI . They may decide to put their current system’s UI onto Grouper
- U Chicago has put a simple GUI on top of Grouper.
The user comes to it and focuses on a single group.
Chris Hyzer provided demos of
1. User auditing
2. How to model hierarchical org lists in Grouper
For links to the demo videos, see:
The demo shows how to load a hierarchical organizational structure from a database into Grouper. It is a special case because the information is indirectly in the database to start out with, so a hook needs to execute before the loader job to massage the data into a flat form that the loader can deal with (expand out the hierarchies into group names).
Q: How do I know that any particular stem is following a naming convention of an org. structure?
A: That’s in a configuration file, not in stem itself. Choice will be present after attribute framework is built.
Suggestion: it would be nice if there was one hierarchical view of the institution, and attributes reflected that.
Comment: There is wide distribution of how notions of hierarchy are reflected. Even if many notions, having a place to reflect them is good.
*Importing Org Information*
Bob RL: We will be supporting event-based export from Grouper as part of the notification framework. Seems like that would apply equally to importing org information. For example, if I'm scheduling chon jobs but would like changes to be reflected in my system of record. Would that be build on the hooks infrastructure we have?
Chris: right now, the loader would make sure to synch up once per day. Could manually, by means of hook, do integration. Could use Grouper web services to push the event in.
Steven: If a source system could achieve appropriate web services transaction, then the rest will fall into place. So need to build that into infrastructure -- the web services listener. Currently, there is no common standard.
Need a site to lead the way by demonstrating a use case.
Bob: we have an interest in having Grouper be more federation friendly, to facilitate having members from outside of from your own institution.
TomB: This is done by the caBIG people. Need to talk more about it.
- Draft Minutes: Grouper Face-to-Face Meeting at SMM 27-Apr-09, Emily Eisbruch, 05/06/2009
Archive powered by MHonArc 2.6.16.