Subject: Grouper Developers Forum
[grouper-dev] Draft Minutes: Grouper call 8-Dec-2010
- From: Emily Eisbruch <>
- To: Grouper Dev <>
- Subject: [grouper-dev] Draft Minutes: Grouper call 8-Dec-2010
- Date: Thu, 16 Dec 2010 13:57:55 -0500
Grouper Call 8-Dec-2010
Tom Barton, U. Chicago, Chair
RL "Bob" Morgan, U. Washington
Gary Brown, Bristol
Rob Hebron, Cardiff
Shilen Patel, Duke
Tom Zeller, U. Memphis
Jim Fox, U. Washington
Steve Olshansky, Internet2
Ann West, Internet2
Ann Ann Kitalong-Will, Internet2
Emily Eisbruch, Internet2 (scribe)
*New Action Items*
[AI] (Chris) will look for a database query for analyzing wiki pages for most currently updated. (Done)
*Carry Over Action Items*
[AI] (TomZ) will create a wiki page enumerating activities related to connectors.
If anyone is aware of a link checker tool that works well in a wiki environment, please tell SteveO. So far, SteveO has not identified such a tool for use in debugging the Grouper wiki upgrade process.
Ann KW reported that the switch over from the old Grouper wiki to the new did not go as smoothly would have been hoped. Issues include:
- Some pages did not get copied over to the new wiki. Ann KW is manually going through and checking for pages that have not been copied over.
- For pages copied to the new wiki, there are cases where the copied page is not the latest version.
- There are cases where the page's formatting has changed on the new wiki.
SteveO created a Grouper Wiki Issues page. Anyone who finds issues, please record them here:
Chris will look for a database query to detect cases where the page on the new wiki is not the latest version.
[AI] (Chris) will look for a database query for analyzing wiki pages for most currently updated.
Other things Ann will be looking at moving forward:
- checking that the correct navigation bar shows up on all pages.
- checking pages on the Grouper Project area versus the Grouper Product area.
- enhancing the Community Contributions page
[AI] (Emily) will give suggestions to Ann KW on the community contributions page of wiki
Ann is also open to helping Rob in areas where he may want assistance with the "Getting Started with Grouper" boo
*Status of the Grouper Book*
Rob has made much progress on the "Getting Started with Grouper" documentation.
He has been focusing on the chapters on Quickstart, including installing the Quickstart
When the draft of the Quickstart documentation is complete, Rob plans to work more on the introductory info, and on documentation on web services, Ldappc-ng, Grouper Loader, Grouper Client, etc.
Rob noted that some Grouper users have emailed him some questions based on his email being provided on this page: https://spaces.internet2.edu/display/Grouper/Introduction
*Quickstart Versus Grouper Demo VM*
Rob suggested that having a Grouper demo VM would be valuable.
A disadvantage of the Grouper demo VM approach is the time needed to maintain it.
Chris mentioned that he likes the uPortal Quickstart, where everything is ready to go as long as you have Java.
[AI] (Chris) will talk with Eric or Jen to learn more about the uPortal Quick Start distribution and its effectiveness as a demo
It was agreed that the Grouper demo server is helpful for evaluating Grouper, but people generally spend more time with something they can download and use locally.
Gary suggested extending the current Quickstart to include more capabilities. A more feature-rich, up-to-date Quickstart could even be the basis of a VM.
[AI] (Rob) will do some investigation of a VM demo for Grouper
*External Members and Unique Identifiers*
Chris worked on a way to register external users in Grouper, where external people can self register or be invited. Once registered in Grouper, these subjects can be assigned to groups.
Issue: If EPPN is not released, then when the external users register with Grouper, Grouper gets a targeted ID. If applications run in a different Apache or SP, those same subjects are also identified by a different targeted ID.
Another issue: Under this process, all attributes for an external user are user-entered, except for their EPPN (if it is released), Targeted ID, and possibly the email address they were invited with. This means that abuse is possible if people assert false attrbitues to get rights they should not have.
At U. Penn in order to register external subjects -- if EPPN is not released -- either
1. The user must talk to Shib maintainiers and release EPPN to all the SPs involved or
2. The user must sign up at ProtectNetwork. But with ProtectNetwork, EPPN is often user entered, again potentially compromising security.
Future solutions include:
- When uApprove is widely available, that will make it easier to release EPPN and other attributes
- Linking SPs together with attribute linking (affiliation), in which case all SPs will get the same targeted ID.
TomB: For a set of SPs to have access managed by a common Grouper instance, all SPs have to share an identifier for that person. Need some identifier in common between all the SPs and the group managment system
Bob: In many cases, neither Targeted ID nor EPPN are released by default. Depends on policy. This is a big issue for federations, not just for Grouper.
Q: What are current plans by COIN and COmanage for solving this identifier issue?
[AI] (Chris) will contact SURFnet about how COIN handles attribute release issues for external members. Chris will also contact Benn to discuss.
JimF noted that persistent ID is the ultimate solution, since targeted ID can change.
TomB: There have been discussion on MACE-dir about this, that we should leverage.
Next call is Wed. Dec. 22 at noon ET
Note: Add to the agenda for a future call : Discuss a stem set table to reflect the structural relationships among stems.
- [grouper-dev] Draft Minutes: Grouper call 8-Dec-2010, Emily Eisbruch, 12/16/2010
Archive powered by MHonArc 2.6.16.