Grouper Developers Forum

[Emily Eisbruch <>]

Grouper Call 8-Dec-2010

*Attending*

Tom Barton, U. Chicago, Chair
RL "Bob" Morgan, U. Washington
Gary Brown, Bristol

Rob Hebron, Cardiff

Shilen Patel, Duke
Tom Zeller, U. Memphis 
Jim Fox, U. Washington
Steve Olshansky, Internet2
Ann West, Internet2
Ann Ann Kitalong-Will, Internet2
Emily Eisbruch, Internet2 (scribe)   

*New Action Items*

[AI] (Chris) will look for a database query for analyzing wiki pages for most currently updated. (Done)
[AI] (Rob) will do some investigation of a VM demo for Grouper
[AI] (Chris) will talk with Eric or Jen to learn more about the uPortal Quick Start distribution and its effectiveness as a demo
[AI] (Chris) will contact SURFnet about how COIN handles attribute release issues for external members. Chris will also contact Benn to discuss.
[AI] (Emily) will give suggestions to Ann KW on the community contributions page of wikihttps://spaces.internet2.edu/display/Grouper/Contributions

*Carry Over Action Items*

[AI] (TomZ) will create a wiki page enumerating activities related to connectors.
[AI] (TomZ) will work with Chad in the process of proposing a Working Group to focus on provisioning.
[AI] (Gary) will send a note to Rob and the Grouper-users list regarding using pointers to or incorporating existing Grouper intro material in the Grouper book
[AI] (Jim and Chris) will discuss the high availability web service.
[AI] (TomZ and Chris) will discuss/work on LDAP Grouper Loader for importing groups.
JIRA 442
[AI] (Everyone) review Rob's chapters and give him feedback on the Grouper Users List.https://spaces.internet2.edu/display/GrouperWG/GrouperBook  
[AI] (TomB) will explore new international participation for work on the Grouper UI.

DISCUSSION

*Grouper Wiki*

https://spaces.internet2.edu/display/Grouper/Grouper+Wiki+Home

If anyone is aware of a link checker tool that works well in a wiki environment, please tell SteveO. So far, SteveO has not identified such a tool for use in debugging the Grouper wiki upgrade process.

Ann KW reported that the switch over from the old Grouper wiki to the new did not go as smoothly would have been hoped.  Issues include:

- Some pages did not get copied over to the new wiki. Ann KW is manually going through and checking for pages that have not been copied over.

- For pages copied to the new wiki, there are cases where the copied page is not the latest version.

-  There are cases where the page's formatting has changed on the new wiki.

SteveO created a Grouper Wiki Issues page.  Anyone who finds issues, please record them here:

https://spaces.internet2.edu/display/Grouper/Grouper+Wiki+Issues

Chris will look for a database query to detect cases where the page on the new wiki is not the latest version.

[AI] (Chris) will look for a database query for analyzing wiki pages for most currently updated. 

Other things Ann will be looking at moving forward:

- checking that the correct navigation bar shows up on all pages.

- checking pages on the Grouper Project area versus the Grouper Product area.

- enhancing the Community Contributions page

https://spaces.internet2.edu/display/Grouper/Community+Contributions

[AI] (Emily) will give suggestions to Ann KW on the community contributions page of wiki

Ann is also open to helping Rob in areas where he may want assistance with the "Getting Started with Grouper" boo

*Status of the Grouper Book*

https://spaces.internet2.edu/display/Grouper/Getting+Started+with+Grouper

Rob has made much progress on the "Getting Started with Grouper" documentation.

He has been focusing on the chapters on Quickstart, including installing the Quickstart

https://spaces.internet2.edu/display/Grouper/Grouper+Book+-+Getting+started+with+the+quickstart

When the draft of the Quickstart documentation is complete, Rob plans to work more on the introductory info, and on documentation on web services, Ldappc-ng, Grouper Loader, Grouper Client, etc.

Rob noted that some Grouper users have emailed him some questions based on his email being provided on this page:  https://spaces.internet2.edu/display/Grouper/Introduction

*Quickstart Versus Grouper Demo VM*

Rob suggested that having a Grouper demo VM would be valuable.

• It would potentially require less work to install than the existing Quickstart, and so would offer a lower barrier to entry. 
• The target audience -- people who evaluate products -- are often system architects and not developers. They don't want to do setup, they want things packaged for them.
• Some potential Grouper adopters may not succeed with the Quickstart because they don't know Java.
• For the Quickstart, getting the databases installed can be an issue.
• A VM can be part of a continuous integration environment.

A disadvantage of the Grouper demo VM approach is the time needed to maintain it.

Chris mentioned that he likes the uPortal Quickstart, where everything is ready to go as long as you have Java.

http://www.jasig.org/uportal/download

[AI] (Chris) will talk with Eric or Jen to learn more about the uPortal Quick Start distribution and its effectiveness as a demo

It was agreed that the Grouper demo server is helpful for evaluating Grouper, but people generally spend more time with something they can download and use locally.

Gary suggested extending the current Quickstart to include more capabilities. A more feature-rich, up-to-date Quickstart could even be the basis of a VM.

[AI] (Rob) will do some investigation of a VM demo for Grouper 

https://lists.internet2.edu/sympa/arc/grouper-dev/2010-12/msg00018.html

*External Members and Unique Identifiers*

Chris worked on a way to register external users in Grouper, where external people can self register or be invited. Once registered in Grouper, these subjects can be assigned to groups.

https://spaces.internet2.edu/display/Grouper/Grouper+external+users

Issue: If EPPN is not released, then when the external users register with Grouper, Grouper gets a targeted ID.  If applications run in a different Apache or SP, those same subjects are also identified by a different targeted ID.

Another issue: Under this process, all attributes for an external user are user-entered, except for their EPPN (if it is released), Targeted ID, and possibly the email address they were invited with. This means that abuse is possible if people assert false attrbitues to get rights they should not have.

At U. Penn in order to register external subjects -- if EPPN is not released -- either

1. The user must talk to Shib maintainiers and release EPPN to all the SPs involved or

2. The user must sign up at ProtectNetwork. But with ProtectNetwork, EPPN is often user entered, again potentially compromising security.

Future solutions include:

-  When uApprove is widely available,  that will make it easier to release EPPN and other attributes

-  Linking SPs together with attribute linking (affiliation), in which case all SPs will get the same targeted ID.

TomB: For a set of SPs to have access managed by a common Grouper instance, all SPs have to share an identifier for that person. Need some identifier in common between all the SPs and the group managment system

Bob:  In many cases, neither Targeted ID nor EPPN are released by default. Depends on policy. This is a big issue for federations, not just for Grouper.

Q: What are current plans by COIN and COmanage for solving this identifier issue?

 [AI] (Chris) will contact SURFnet about how COIN handles attribute release issues for external members. Chris will also contact Benn to discuss.

JimF noted that persistent ID is the ultimate solution, since targeted ID can change.

TomB: There have been discussion on MACE-dir about this, that we should leverage.

Next call is Wed. Dec. 22 at noon ET 

Note: Add to the agenda for a future call : Discuss a stem set table to reflect the structural relationships among stems.

Emily Eisbruch, Technology Transfer Analyst

Internet2

office: +1-734-352-4996 | mobile +1-734-730-5749

Visit our website: www.internet2.edu
Follow us on Twitter: www.twitter.com/internet2
Become a Fan on Facebook: www.internet2.edu/facebook