Notes from Grouper Working Group, at Technology Exchange in Indianapolis, Oct. 29, 2014
Discussion
Tom Barton welcomed the group and gave a brief introduction to Grouper. See slides here:
https://spaces.internet2.edu/download/attachments/49841507/GrouperWGTechExOct2014-TomBarton.pdf?version=1&modificationDate=1417610312207
Grouper 2.2 Release and 2.2.1 Release (Chris Hyzer, University of Pennsylvania)
See Slides here:
https://spaces.internet2.edu/download/attachments/14517786/GrouperWG-TechEx-Oct2014-ChrisHyzer.pdf?version=1&modificationDate=1417463883462
-Grouper 2.2.0
-Grouper 2.2.1
Feedback on Grouper 2.2.0
-PSU
Gail Dunmire of PSU reported that the person who did the install of Grouper 2.2.0 at PSU needed to do it several times. The configuration file overlays took time. Overall, the config overlays are a good improvement and will save time for future upgrades.
The new install process, made possible with the Upgrader provided with Grouper 2.2.1 sounds like a good improvement.
-Carnegie Mellon
- CMU has had Grouper in production for one year
- now CMU will install 2.2.1 with the old Grouper UI (and a link will be provided to the new UI), so the change to the new UI does not freak people out
- The hope is that users will start to ask for the new UI
- challenge on how to migrate people to the new UI
- Currently, with every name, there is a display of that person's status (active, suspended, faculty , student or staff)
Provisioning Future (Dave Langenberg, U. Chicago)
https://spaces.internet2.edu/display/Grouper/Post+PSP+Provisioning
The current PSP approach to provisioning has shown some problems with efficiency. Having the SPML engine in the middle is an issue.
Over last several months, the Grouper team, with input from the community, has discussed how to handle provisioning in Grouper moving forward (starting with the Grouper 2.3 release).
- Current direction is to follow in footsteps of CMU and U. Washington and
to write a generic message format to generic message system targeting LDAP and AD (the most common use cases) - JSON will be the message format.
- Messages should be signed and optionally encrypted
- still figuring what goes in the message
- Would have a base implemention you can take and extend
- In Grouper 2.3 , the new approach will be available. The PSP will not go away, but will not be extended.
- The current plan is to have connectors to common targets.
- We hope to make the provisioning config easier
Bill Thompson, Lafeyette College: those who are working on new Grouper deployments need info as soon as possible regarding the future of the PSP.
Question: will there be embedded AMQ?
Answer: This is not in the plans
Question: will there be bulk reconciliation?
DaveL: yes
Community Code Contributions
An important aspect of our work is the chance for community contributions from which all benefit. We appreciate the work that everybody does.
See list of Contributions and also important guidelines for successful contributions on pages 12-14 here:
https://spaces.internet2.edu/download/attachments/14517786/GrouperWG-TechEx-Oct2014-ChrisHyzer.pdf?version=1&modificationDate=1417463883462
What are you working on at your site that could be helpful to the community?
Comments
Grouper Roadmap, for reference:
https://spaces.internet2.edu/pages/viewpage.action?pageId=14517754
Community Contributions (Adopter Sketches)
Additional Grouper Resource From Technology Exchange
Thanks to Consortium GARR (Italian Academic and Research Network) for this presentation at the Technology Exchange:
Title: Implementing Grouper to Federate User Authorization
https://spaces.internet2.edu/download/attachments/49317986/20141029-Biancini-FederatedAuthorization.pdf?version=1&modificationDate=1414625800830
Emily Eisbruch, Technology Transfer Analyst
Internet2
office: +1-734-352-4996 | mobile +1-734-730-5749