Grouper Developers Forum

[Emily Eisbruch <>]

Notes: Grouper Call of Wed., Jan. 14, 2015

Attending

Tom Barton, U. Chicago, chair   present

Chris Hyzer, U. Penn  present

Shilen Patel, Duke  present

Jim Fox, U. Washington present

Misagh Moayyed, Unicon present

David Langenberg, U. Chicago present

Emily Eisbruch, Internet2, absent

Action Items

[AI] (Dave, Chris, Jim) Create example messages encrypted/signed in various ways in a wiki page, then we can all look them over.

[AI] (Chris) write some formats of messages including SCIM

[AI] (Dave) as we go, document areas where SCIM may need improvement so we can add to the wishlist for SCIM 3.

[AI] Chris do training videos on upgrading and patching.

[AI] Tom to bring pen testing need into TIER process

Carry Over Action Items

[AI] (Shilen) will put his Java and Config changes into the patch framework (zip file, meta file and new and old directory) [Done]

[AI] (Jim) will redo the upgrade and log the time when Shilen’s code has been added to the new patch framework. [Waiting on Shilen to provide Jim with instructions on applying the patch]

[AI] (Emily) look into providing better, easier to find, documentation on deployment experiences with Grouper and AD, Grouper and Google Groups, etc. perhaps using Confluence tags

[AI] (Shilen) create a Grouper training video on the new Grouper UI

[AI] (Tom) follow up on pen testing of Grouper 2.2. Not done.

Discussion

Post PSP Provisioing Choices and Plans

https://spaces.internet2.edu/display/Grouper/Post+PSP+Provisioning

Key ideas:

• -We build a generic messaging platform, lightweight

  • https://spaces.internet2.edu/display/Grouper/Grouper+Messaging+System

• -Provisioning will be based on messages

• -Grouper will ship with provisioning connectors to internal, AWS and ActiveMQ

• -Will provide implementation to provision to LDAP and AD, will rely on the community to provide other implementations

• -Signing will be handled using JOSE https://datatracker.ietf.org/wg/jose/documents/

• Format to use for messages? TBD (SCIM and Univ. of Washingon format are being looked at)

Security and Encryption Issues

Question: Should we nail security & encryption to JOSE  or should we provide an interface and make security and encryptions configurable and pluggable?

What is the right design to meet the needs of the deployment environments?

How should those capabilities be mapped in terms of what we write and what we ask deployers to handle?

Different targets will need different amounts of information. The installed solution needs to address that.

Consensus emerging that design should enable single-to-many message content, including encryption and signing. And other target-dependent content.  JOSE might be overkill. Some sites might want to choose a different encryption approach.

[AI] (Dave, Chris, Jim) Create example messages encrypted/signed in various ways in a wiki page, then we can all look them over.

Look at SCIM first, see what it will take to flesh it out for this context? Yes. It will fall short, but the question will be whether we should extend it to meet needs.

[AI] (Chris) write some formats of messages including SCIM

http://www.simplecloud.info/

[AI] (Dave) as we go, document areas where SCIM may need improvement so we can add to the wishlist for SCIM 3.

Grouper Messaging System

Discussion of Chris’s straw man abstract message interface for Grouper.

https://spaces.internet2.edu/display/Grouper/Grouper+Messaging+System

Custom Client jars would be needed to interact with a particular system (ActiveMQ, Azure, etc)

There could be many optional parameters. How to address params?

Misagh: Could use a map at the API level of parameters that a client might want (timestamp, channel, topic type).  

Note: TimeStamp for when a message was sent makes sense for every message.

Approach to ordering?  Note: AWS does not have ordering.  Chris: better if we assume there is ordering. Use DynamoDB.

Chris: Or could provide a lot of configuration, and the params info could be in a generic config file for that implementation.

Jim: Microsoft Azure Service Bus is best of AMQ and AWS.  It maintains the order of messaging. Has filtering messages at the Azure site. Cost comparable to Amazon. APIs seem stable, process to integrate unexceptional.

3. v2.3 UI

https://spaces.internet2.edu/display/Grouper/Grouper+UI+development+v2.3

Carry this topic over to next call.

Next Grouper-Dev Call: Wed. Jan. 28, 2015

Emily Eisbruch, Technology Transfer Analyst
Internet2

office: +1-734-352-4996 | mobile +1-734-730-5749