grouper-dev - [grouper-dev] Draft Minutes from Grouper Call of Feb. 12, 2014
Subject: Grouper Developers Forum
- From: Emily Eisbruch <>
- Subject: [grouper-dev] Draft Minutes from Grouper Call of Feb. 12, 2014
- Date: Tue, 25 Feb 2014 12:13:45 +0000
Draft Minutes from Grouper Call of Feb. 12, 2014
Attending
Tom Barton, U. Chicago
Chris Hyzer, Penn
Dave Langenberg, U. Chicago
Misagh Moayyed, Unicon
Emily Eisbruch, Internet2, scribe
New Action items
[AI] (Dave) record the Stem Name and AD Provisioning issue in the Grouper roadmap as unassigned (Done)
https://spaces.internet2.edu/pages/viewpage.action?pageId=14517754
[AI] (Chris) will follow up again with CMU on search terms issue
[AI] (to be assigned=Chris) take the older code base out of Grouper for uPortal connection
Carry Over Action items
[AI] DaveL write up the response to the Shib Grouper question.
[AI] (Chris) will look at POST and GET parameter issues, identified as a flawed design pattern from the PEN testing
[AI] (Shilen) email the Grouper users list about import and export
[AI] (DaveL) work on the PSP aspect of GRP 914.
[AI] (Andrew) let us know what emerges from the Apereo security notification process work.
=========== DISCUSSION
Upcoming Meetings and Grouper-Dev
Loose Ends
AD provisioning issue aStem:aName: vs aStem:aName in provisioning
Active Directory has some constraints regarding the storing of group and membership objects of the same name. DaveL has created a JIRA about the string matching issue: https://bugs.internet2.edu/jira/browse/GRP-950
Further discussion on this: Could this be an AD issue that we need to take into account? Assume that AD is unable to comprehend two canonical names where components of the names are the same but the actual CNs are different. Chris suggested: have a Grouper namespace that spans all object types, and Grouper would not allow creation of two objects with the same name. Thus, in Grouper you would not be able to create a stem or folder with the same name as a group.
Another approach is a rule or a hook to veto the action when someone tries to create a stem or folder with the same name as a group.
Should we have a provisioning engine capability that handles mapping just for provisioning to AD? We do some mapping in PSP with AD already, such as for length issues. What is the better approach? There was a decision to limit how much to enhance PSP going forward. Instead, put development effort on specific change log consumers for more narrow provisioning targets. It was agreed it would be best to have Grouper handle the issue (have the API disallow creation of same name objects) rather than the PSP.
Chris: would we want the default going forward to be that object names must be unique? We could have one central table to create this constraint. We would probably want a global switch; a global rule is simpler (rather than having the rule apply per namespace). Could have a way to audit your namespace before turning on this rule. Dave: would there be a tool in GSH to fix this? Chris: could apply just to new objects, so it would not cause problems when you turn it on, even if history is not cleaned up. Chris: if we use a database approach there could be problems with foreign keys.
This is the first time this issue has come up. Decision: next time we ask the community about what the Grouper Project priorities should be, solicit community input on this. Need to record this as an unassigned issue on the roadmap.
[AI] (Dave) record the Stem Name and AD Provisioning issue in the Grouper roadmap (Done)
Multiple Subject Search Terms (continued)
https://lists.internet2.edu/sympa/arc/grouper-dev/2014-02/msg00005.html
Request from CMU about using "=searchterm" or "term1,term2,term3" to do exact match searching.
From last call: Chris will look into implementing a checkbox that says "Match Exact Ids".
Chris created this JIRA: https://bugs.internet2.edu/jira/browse/GRP-893
Further Discussion:
Use case is there are 5 user names and you want to add them to a group quickly. Admin UI addresses this use case but Web UI does not. Current solution using the Web UI is to add the names one at a time or do a batch import.
Q: How will this be addressed in the new Grouper UI for Grouper 2.2?
A: Open a Group, Click Add Members, Add or Import a list of members, Copy/paste a list of member IDs
A multi-select combo box may be looked at for a future release
[AI] (Chris) will follow up again with CMU on search terms issue
Rule Inheritance
Chris: Shilen has added the stem set table which links every stem to its ancestor at every level. Now with one query, it is possible to see if a rule is attached to any stem at its ancestor level.
Grouper v2.2
https://spaces.internet2.edu/display/Grouper/Grouper+UI+redesign+v2.2
UI – Chris is making progress.
SCIM provisioning (Dave)
Code is now working that talks to Grouper and will talk to a SCIM endpoint. Trying to get testing and unit tests built, will take a month or two.
Plan is that this SCIM provisioning feature will be part of the Grouper 2.2 release.
Misagh and Grouper Work
Misagh noted that there is a uPortal Grouper integration module in the Grouper source. That module can be dropped from the Grouper source, since this now exists in uPortal.
[AI] (to be assigned=Chris) take the older code base out of Grouper for uPortal connection
Misagh may take on a project to look at Grouper CAS integration based on a newer version of the CAS Client.
Q: Is the Grouper community interested in an updated Grouper CAS integration?
A: Tom: yes, excellent
Misagh is also interested in handling some easy JIRAs that the Grouper team would assign to him.
Next Grouper Call: Wed. Feb. 26, 2014 at noon ET
Emily Eisbruch, Technology Transfer Analyst
Internet2
office: +1-734-352-4996 | mobile +1-734-730-5749