Grouper Developers Forum

[Emily Eisbruch <>]

Notes: Grouper Call of  Wed. April 22, 2015 at noon ET

Attending:

Tom Barton, U. Chicago

Chris Hyzer, U. Penn

Jim Fox, U. Washington

Shilen Patel, Duke  

Misagh Moayyed, Unicon

David Langenberg, U. Chicago

Emily Eisbruch, Internet2

New Action Items from the April 22 call

[AI] (Tom) invite Chris Phillips to an upcoming Grouper-Dev call

[AI] (Dave) document on the wiki how the various use cases related to messagine will be handled .

Action Items from April 8, 2015

[AI] (Misagh) contact Unicon re licensing issues for contribution of Grouper  ESB Connector for AMQP Brokers (Done) Apache 2

[AI] (Chris) start wiki with suggestions for Grouper Contributions

• Even state the obvious, Eg, use java, use libraries, use config overlay files consistent w existing Grouper architecture, discuss with Grouper-Dev , (PENDING)

Older, Carry Over Action Items

[AI] (Chris) work on moving objects via web service (started)

[AI] (DaveL) record ideas about handling categories (Brown’s case) based on the Feb. 11 Grouper call discussion on the Post PSP Provisioning page (TODO)

[AI] (Misagh and Chris) tested the unmappable character  issue using Unicode. Then created wiki page to document the approach.   Misagh created a JIRA for a new issue he found.
Non-english chars don’t seem to render correctly

https://bugs.internet2.edu/jira/browse/GRP-1128

Chris suggests to try this on installed version, not on Dev,  STILL TO DO FOR Misagh

[AI] (DaveL) follow up on provisioning empty groups to LDAP to be sure the solution is documented (Still TODO)

[AI] (Dave) as we go, document areas where SCIM may need improvement so we can add to the wishlist for SCIM 3. (ongoing TODO)  Page with list

[AI] Tom to bring pen testing need into TIER process (remains long term)

DISCUSSION

IAM ONLINE on Grouper - June 10, 2015

• June 10 IAM Online 2pm ET/ 11am PT - Confirmed speakers:
  

• UCLA (Albert Wu)  

• GEANT (Mandeep)  

• Oregon State University (Erica Lomax)

Emily will be scheduling a planning call for the IAM Online

Message Formats

(note that messaging is part of Post PSP Provisioning ) 

https://spaces.internet2.edu/display/Grouper/Grouper+Messaging+System 

https://spaces.internet2.edu/display/Grouper/Message+format+configuration+example 

Chris working on PoC implementation / config example (would have features like config files with overlays for inheritance)

• Suggestion to use a default message format for Grouper

• And also provide configurable message formats for other consumers, such as SCIM

-  Dave: better NOT to have static config files, rather  have dynamic features, this is the model used at Grouper at U. Chicago  (can be configured in real time by an admin)

-Chris: agreed, but config file should define some basics for each endpoint, such as encryption to be used

[AI] (Tom) invite Chris Phillips to an upcoming Grouper-Dev call

Jim: make it closer to SCIM, to connect it with the IETF working group, or provide a SCIM API

Chris: easier to implement and maintain if we make it closer to Grouper message format

But what about interoperability goal?

Message listener versus change log listener

Jim: Concern with AWS and issue of ordering

Microsoft AZURE may be a better or as good a choice

Chris: we do need ordering, we could model it thru AWS using DynamoDB

for AWS, can use internal system for main processing

We have endorsement of the documented approach,

We need to define: what is the use case of things that need to be dynamic.

Some things defined in the config, some things defined using attributes

U. Chicago has additional config options at runtime, such as where in LDAP to put a group object

Two or three essential use cases that we can use to validate the message related info on the wiki

-update a group

versus

-update a membership

ESB format versus change log consumer format

or in Dave’s example, comes from JSON

use namespace approach , as SCIM does?

Q: will callback always work with every message bus approach?

A: Chris: capabilities of message system does not matter, can use web services

Performance concern when every message goes back to Grouper to find additional data.

Better for the message to contain everything the consumer needs

What’s the best time to assemble all necessary data?

Best if it’s in the message

caching can create new problems (shared caches, expiration etc), enlarging the message itself if better

Dave can start on the message work, challenge is that every endpoint is different.

Jim: one size fits all does not work well,

-For changes and deletes to memberships you can include all data needed in the message

-For other changes, may need to go back to Grouper to get more data

Need a decision tree, summary of use cases on the wiki.

 

[AI] (Dave) will document on the wiki how the various use cases will be handled .

Is there a spec that can be useful both by Grouper and at least prospectively by other tools that manage groups? Or is this inherently a proprietary thing?

• Good to have messages self contained.

• Good if provisioner does not need to use Grouper API and Grouper web services

• Good to have fewer dependencies

How can we bake our proposed spec, ie, besides put it in Grouper and see how it works in the field?

• Challenging to have a spec gain standing so people will implement it.

• We should give the community a chance to see and modify it

• socialize at an ACAMP session?

• discuss with Chris Phillips of CANARIE, SCIM expert

 Grouper BOF at Global Summit http://meetings.internet2.edu/2015-global-summit/detail/10003772/

Chris: Good contribs have been happening from team members

PSU - Door access use case, Chris is helping them with that.

Univ of Edinburgh - thanks for the excellent contrib

Next Grouper Call: Wed. May 6, 2015 at noon ET

Emily Eisbruch, Work Group Lead, Trust and Identity
Internet2

office: +1-734-352-4996 | mobile +1-734-730-5749