Skip to Content.
Sympa Menu

grouper-dev - Minutes: Grouper Call 10-June-09

Subject: Grouper Developers Forum

List archive

Minutes: Grouper Call 10-June-09


Chronological Thread 
  • From: Emily Eisbruch <>
  • To: Grouper Dev <>
  • Subject: Minutes: Grouper Call 10-June-09
  • Date: Tue, 16 Jun 2009 17:18:48 -0400
**Grouper Call 10-June-09**
 
 *Attending*

 

Tom Barton, U. Chicago (chair)
RL “Bob” Morgan, University of Washington
Gary Brown, Bristol 
James Cramton, Brown
Shilen Patel, Duke 
Chris Hyzer, U. Penn 
Tom Zeller, U. Memphis 
Steve Olshansky, Internet2   
Ann West, EDUCAUSE/Internet2 
Emily Eisbruch, Internet2 (scribe) 

**New Action Items**
[AI] Chris will create an Attribute Framework wiki page as a discussion starter.

[AI] Chris will create a list of items related to Change Log and Notifications for the group to review in order to determine which items should be done for Grouper 1.5 and which saved for a later version.

 

**Discussion**

*Enable/Disable Memberships*


This enhancement would add three columns to the memberships table: 
disabled_timestamp 
enabled_timestamp 
enabled (T|F). 

The loader would enable /disable memberships on the specified dates. For a disabled membership, the effective and composite memberships would disappear as if the membership was deleted. Reenabling the membership would reinstate that information. 

Chris stated that Penn has asked for this, and since membership table is being redone, it’s a good time to implement this enhancement. In the longer term, we should think about some way to incorporate enable/disable memberships into the UI, web services, and gsh.

Gary noted it’s important to be clear whether enable/disable of membership will occur at start of day or end of day.

A future enhancement may implement the same enable/disable feature for groups to facilitate aging out of old groups.


**Database Views**


This is a proposal to assume the Grouper registry runs in a database that supports views. This will permit re-use of SQL logic and allow for simpler queries. A consequence of this change is that Grouper would not work on a database that does not support views.

Right now the MySQL, Postgress,  Oracle, and HSQL all support views.

Question about MSSQL:  Does it support views? 
U. Chicago is using Grouper with MSSQL. Chris added MSSQL to the list of supported databases in the release steps:

Decision: Move in the direction of relying on database views in Grouper IF this is supported by MSSQL. 

** Shib GrouperData Connector as a provisioning solution**


TomZ recommends using the ShibbolethAttributeResolver for the next generation of Ldappc. 

Performance issue: Shib grabs all info from a source at one time and then filters it.  This approach may not be appropriate with Grouper, especially for a very large group. We will need to do filtering on the front end so it will be faster. TomZ is looking at the Shib Spring connection to determine how to do that filtering.

TomB: noted that using the ShibbolethAttributeResolver approach could have two advantages: 

1. It’s another way of provisioning an LDAP directory or other targets.

2. It would give Shib another data connector
so that one could get group-related info straight from a group registry rather than first having to provision it in LDAP.

RL “Bob” expressed concern about point #2. He believes it’s a bad idea to mix transactional databases with data distribution points.

TomB : We’ve done a lot of work on other read interfaces, besides LDAP, especially on web services. Have had requests for a long time to have a Grouper data connector in Shib.

Chris expressed another concern with getting group related info straight from a group registry:  if Grouper is down, people can’t log into their services. TomB suggested the option of replicating the underlying RDBMS or using other methods.

A SAML profile request would be used to handle notification under the proposed ShibbolethAttributeResolver approach.

There was agreement this is the form the next generation of Ldappc should take.

Q: Will this provisioning approach accommodate an enterprise service bus type coupling with application level polling.  

A: Support for notifications will be included in Grouper 1.5. Notifications will be available for listeners to do what they want with. So a listener could work with an enterprise service bus.  

[AI] Chris will create an Attribute Framework wiki page as a discussion starter.

**Change Log Table / Notification**


Under the proposed change log/notifications approach, notification consumers would run inside the loaders. By registering the consumers, it’s possible to track which consumers consumed what notifications.

Q: We had also talked about a less formal arrangment where it’s possible to consume notifications outside of the loader.

A: True, we had talked about a web services interface where consumers aren’t registered. We can do that for 1.5 or a later version.

Advantages of some registering is to do filtering of what notices consumers receive. Consumers might need only a fraction of the total.

If consumers get notifications outside of the loader they can write their own JAVA class and read from that table. Or using web services, a notification consumer could read everything past a certain sequence method.

Also the API could be used to read from the change log.

 

[AI] Chris will create a list of items related to Change Log and Notifications for the group to review in order to determine which items should be done for Grouper 1.5 and which saved for a later version.


Next Call: Wed. 22-Jun-09, Noon ET 




Emily Eisbruch, Technology Transfer Analyst
Internet2
office: +1734-352-4996 | mobile +1-734-730-5749

ESCC/Internet2 Joint Techs
July 19-23, 2009 - Indianapolis, Indiana
http://jointtechs.es.net/indiana2009/


Archive powered by MHonArc 2.6.16.

Top of Page