Grouper Developers Forum

[Emily Eisbruch <>]

Notes: Grouper Call of  Wed. March 25, 2015 at noon ET

Attending:

Chris Hyzer, U. Penn,  (stand-in chair)

Jim Fox, U. Washington  

Shilen Patel, Duke  

Misagh Moayyed, Unicon

Emily Eisbruch, Internet2

New Action Items from March 25, 2015

[AI] (Misagh) add the code environment issue to the Grouper roadmap

and start a wiki page listing  requirements

[AI] (Dave) review Chris’s message format example config page and provide Chris with thoughts/reactions. If Dave agrees on the message format work, then Chris put together a proof of concept.

Completed Action Item with Link

[AI] (Chris) show example of Person Web Service to illustrate how we might proceed regarding message formats.  Include configuration example. (DONE)

Carry Over Action Items

[AI] (Chris) work on moving objects via web service (started)

[AI] (DaveL) record ideas about handling categories (Brown’s case) based on the Feb. 11 Grouper call discussion on the Post PSP Provisioning page (TODO)

[AI] (Misagh and Chris) test the unmappable character  issue using Unicode. Then create wiki page to document the approach.  (DONE)

Misagh created a JIRA for a new issue he found.
Non-english chars don’t seem to render correctly

https://bugs.internet2.edu/jira/browse/GRP-1128

Chris suggests to try this on installed version, not on Dev

[AI] (DaveL) follow up on provisioning empty groups to LDAP to be sure the solution is documented (TODO)

[AI] (Dave) as we go, document areas where SCIM may need improvement so we can add to the wishlist for SCIM 3. (ongoing TODO)  Page with list

[AI] Chris produce training videos on upgrading and patching. [Upgrade one is done but has a quiz bug. Patching is 75% done] (DONE, Emily needs to upload to youtube and link)

[AI] Tom to bring pen testing need into TIER process (remains long term)

DISCUSSION

Revising code environment

MIsagh raised ths issue of revising code environment to get rid of dependencies and the hybrid builds (Maven and ant builds, hard to keep everything in sync). Suggestion we do this for Grouper 2.3. Should be on the roadmap.  What will the tool be?

Options:

1. Ivy: keep existing ant scripts and use Ivy for dependency retrieval

2. Maven: Remove ant build script and let maven drive both the build and dependency retrieval. (create various profiles for each env)

3. Gradle: Remove ant/maven build scripts. Use groovy scripts to retrieve dependencies and drive the build

Need to figure out versions for each dependency.

If we use ant, must convert to maven format?

If we use Gradle, can script everything

 Gradle is most modern and natural way to do a build

Conversion from ant to Gradle may be time consuming

Gradle lets you declare repositories

Gradle is compatible w Maven, it knows to look at Maven Central and your local Maven repository

Maven has concept of profiles,

Maven can look at  jars not in a repository (not sure Gradle does this)

Gradle is closer to ant conceptually

Must configure to get source files

We need to describe our requirements before we choose a tool

Misagh found that that are jars that do not reference a version in filename, so some research will be required

Chris: version is in the jar manifest

[AI] (Misagh)  will add this code environment issue to the Grouper roadmap

and start a wiki page listing  requirements

Quick items

·        Grouper patch error with changed file

          Chris  documented how to address that situation on the Grouper patching wiki

         https://spaces.internet2.edu/display/Grouper/Grouper+patching

·        Disabled date

              Shilen: this is a good idea

             Chris needs to think about this request, and look at the API

             Perhaps use Checkbox for non-enabled?

·        Loader big swing in group membership

             Chris: problem w truncating a table

·        Point in time audit question (Shilen did not hear back on this, so assuming things are OK for now)

message formats

  Chris suggests  a solution that allows for inheritance

   Grouper provides some config property files, including default security

An institution can have property files

  Transform JSON for each message type

  use transformation configuration  

Comment: seems flexible

Q: Is there overhead?

A: Chris: can run this pretty quickly

A key component is being able to debug and see at what step there is a problem

So you can see an unencrypted and encrypted log directory

To facilitate figuring out problems

Misagh: maybe instead of declaring each transformation as a property setting, use a transform implementation class to describe a java component that does transformations in this particular way.  A site could replace that with their own transformation (in _javascript_ or groovy)

Chris: yes we can do that too

Config-based makes things easier, uses _expression_ language, but a site can also use a programming language

Misagh: Can we have an option for shared secret instead of JOSE certificates?  Easier than certificates.

Chris: yes, shared secret should be one of the options.  We would decide on the default, and a site could change that.

Shilen: looks good

[AI] (Dave) review Chris’s message format example config page.

[AI]  (Chris) If Dave agrees on the message format work, then Chris put together a proof of concept.

Please tell Chris if you think of other use cases besides:

-Add a new config file without adding an existing

-Having default settings and then override those

-Filtering and Transformations ( to be done declaratively or programmatically)

4. Reminder:

   Grouper BOF at 2015 Global Summit, Tuesday, April 28, 2015 at noon ET

Next Grouper Call: Wed. April 8, 2015 at noon ET

Emily Eisbruch, Technology Transfer Analyst
Internet2

office: +1-734-352-4996 | mobile +1-734-730-5749