grouper-dev - [grouper-dev] Draft Minutes: Grouper Call 7-Dec-2011
Subject: Grouper Developers Forum
- From: Emily Eisbruch <>
- To: Grouper Dev <>
- Subject: [grouper-dev] Draft Minutes: Grouper Call 7-Dec-2011
- Date: Tue, 13 Dec 2011 14:58:25 -0500
Draft Minutes: Grouper Call 7-Dec-2011

Attending

Tom Barton, U. Chicago, Chair
Chris Hyzer, Penn
Gary Brown, Bristol
Shilen Patel, Duke
Tom Zeller, Unicon
Jim Fox, University of Washington
Steve Olshansky, Internet2
Emily Eisbruch, Internet2 (scribe)

New Action Items

[AI] (Gary) will look at the issue of paging in the Admin UI
[AI] (Chris) will reverse the changes to the secure member sort / search.
[AI] (Shilen) will forward to Emily and SteveO a request about the Grouper demo and SAML2
[AI] (Jim) will create a wiki page on reconciling the two LDAP source adapters
[AI] (TomZ) will email the list about LDAPPC-NG naming issues.

Carry Over Action Items

[AI] (TomZ) will talk with community members about reviewing LDAPPC-NG real time provisioning docs in January 2012
[AI] (TomZ) will review Jira issues for the next release and ensure they are properly fleshed out.
[AI] (TomZ) will review the Grouper LDAP Loader doc and provide feedback to Chris, possibly with lessons learned from LDAPPC work. https://spaces.internet2.edu/display/Grouper/Grouper+-+Loader+LDAP
[AI] (TomZ) will update JIRA to reflect the priorities
[AI] (Rob) will follow up with Danno on obtaining the server for the Continuous Integration Environment.
[AI] (Everyone) review Rob's chapters and give him feedback on the Grouper Users List.

DISCUSSION

Admin UI Paging Issue

An issue needing resolution for the Grouper 2.02 release involves the Admin UI and subject search paging.
- The UI generally gets all subjects for a query, saves them in memory and you can page thru them
- But if sources.xml settings are such that not all results are saved in memory, then often there is no 2nd page of results available
- In these cases, the paging buttons should be removed from the Admin UI

[AI] (Gary) will look at the issue of paging in the Admin UI

Secure Member Sort/ Search issue

- If group A is member of group B
- and the person (Mary) viewing the group B does not have privileges to view group A
- should Mary be able to see the name or UUID of group A?
- Currently, Mary can see the name of group A.
- Maybe Mary should only be able to see the UUID but not the name?
- TomB: This can go either way, view issues become problematic.
- Decision was to keep things the way they are now (one advantage, things will be faster)
- Chris will reverse some changes he made recently.

[AI] (Chris) will reverse the changes to the secure member sort / search.

Releasing Grouper 2.02

- Will release Grouper 2.02 during the week of Dec. 12 if possible.
- There will be modest needs on communications and outreach
- Try to communicate that this is not a critical release
- This release is most important affected by the stale state exception issue
- SteveO will need the bullet points of what's changed

Naming Local Entities

Naming of non-person entities was discussed on the last Grouper-dev call.

- "local entity" has been suggested as the term to use and so far there are no objections.
- don't have to make a final decision until we get closer to releasing Grouper 2.1

Grouper Demo

Access to the Grouper demo is failing when SAML2 authentication is used.

[AI] Shilen forward to Emily and SteveO request about Grouper demo and SAML2 (DONE)

LDAP Source

- TomZ reported that he has OpenLDAP and phpLDAPadmin configured on the Grouper demo.
- TomZ raised these questions about the LDAP source and how to show it on the Grouper demo:
  - Do we want to use an LDAP subject source instead of / in addition to JDBC ?
  - Do we want to allow authenticated users to browse the LDAP directory ?
  - What data should be put in the Grouper demo to show how LDAP source works?
- TomZ would rather have a real use case, but we need some data for testing.
- need subject and need a source XML config that points to it
- there are different approaches to generating the test subjects
- need some randomness to the names
- [AI] TomZ will put test data in the demo to show using an LDAP source
- Should we change the identifier scheme because we have two sources?
- Chris: it does not matter much on the demo server because authentication to UI is EPPN-based
- there won't be an EPPN identifier in LDAP

Q: Will there be a source for LDAP and a source for vt-LDAP?

- TomZ: We should move to using the new vt-LDAP by default, and just leave old code there so things don't break
- if we continue to put the older LDAP in the package, it must be in the test
- or we can communicate that we are going to deprecate the older LDAP and then we can pull it out.
- or we could keep it in SVN but not put it in distribution
- the config is not exactly the same, but maybe could be merged
- suggestion to give Chris sources for vt-LDAP and then do the merge
- have one source on the demo server, and in Grouper 2.1 we will merge the two

Jim will create a wiki page outlining the steps.

[AI] (Jim) will create a wiki page on reconciling the two LDAP source adapters

Naming LDAPPC-NG or PSP (provisioning service provider?)

- Should the name indicate association with just Grouper and just LDAP or should it be broader?
- indicate the beginnings of more general provisioning system?
- TomZ looked at using the Grouper Loader to get code into Grouper, and compared that to LDAPPC NG
- There were issues with the workspace getting messed up with so many renames
- Starting over with a clean slate, how to organize the JAVA class files?
- This should not involve changing much code, but organizing things
- TomZ looked at IdP v.3 layout as an example to work from
- The goal is to help a deployer who wants to customize a source for a target

Modules could be:

psp-provisioning-engine
psp-grouper-source
psp-grouper-target
psp-ldap-source
psp-ldap-target
psp-grouper-changelog
psp-parent
grouper-shib

- important to highlight parts that are sources, the parts that are targets, and the engine in the middle
- would be good to get contributions from Brown from their provisioning work
- TomB: the PSP names proposed make sense
- The list could grow longer over time

Java Package Name

TomZ: there is also an issue re the Java package name. There is:

- java package name (LDAPPC)
- XML namespace name (LDAPPC)
- name config file (mixed names between LDAPPC and LDAPPC NG)
- project name is LDAPPC NG

- Assuming the LDAPPC-NG code could replace the LDAPPC code, we do not want to put LDAPPC-NG in XML
- TomB: maybe we should replace the term LDAP over time anyhow
- TomZ: could go to PSP everywhere
- we have the name Shibboleth for an IDP
- still need a namespace qualifier
- it could be LDAPPC or Grouper
- we want to scope this correctly
- Maybe in the future it will more general purpose
- for now, we don't want to promote it as such
- what about use cases like Google, or box.net ?
- need to consider trademark when picking names

[AI] (TomZ) will email the list about LDAPPC-NG naming issues.

Web services availability design idea ( Chris )

Chris proposed ideas about always available web services:

- TomB noted that LDAP and DNS are alike in that they both require the client to have a list of servers to go to
- The group agreed with Chris's proposal.
- Jim suggested that longer-term, a production Grouper system ought to include with it internally a couple of LDAPs
- this would give the speed and redundancy that's needed

Next Call: Wed. Dec 21 at noon ET.

Emily Eisbruch, Technology Transfer Analyst
Internet2
office: +1-734-352-4996 | mobile +1-734-730-5749
Visit our website: www.internet2.edu
Follow us on Twitter: www.twitter.com/internet2
Become a Fan on Facebook: www.internet2.edu/facebook