Signet Working Group call January 5, 2007

Signet Working Group conference call
January 5, 2007

*Attendees*
Lynn McRae, Stanford U. (chair)
Dave Donnelly, Stanford U.
Andrea Beasing, Cornell U.
Joy Veronneau, Cornell U.
Tom Barton, U. Chicago
Renee Frost, Internet2
Steve Olshansky, Internet2
Jessica Bibbee, Internet2 (scribe)

New *Action Items*
[AI] {Andrea} will float the self-assessment tool from CAMP, “A Look at Ourselves,” to the EDUCAUSE Identity Management mailing list, and request that people fill out & share their scores with her for a compilation.
[AI] {Dave} will query the list for alternatives of connection and session pooling.
[AI] {Jessica} will email the signet mailing lists to point out the wikis, documentation and upcoming changes, as well as to request feedback on format and content.
[AI] {Dave} will look into the Subject API and review the Signet specific JDBC source adapter to see if it is possible to have 2 alternative means to bring in subject attributes.

Carry Over *Action Items*
[AI] {Lynn} volunteered to relocate items to the I2MI-Common, such as loading tools, etc. (9-Sep-06)
[AI] {Dave} will update the requirements text to reflect the upgrade to Java 1.5. (18-Aug-06)
[AI] {Tom} will email the grouper- and signet-user mailing lists to probe for issues related to versioning changes. (18-Aug-06)
[AI] {Tom} will email the list with potential contacts at Macquarie University. (18-Aug-06)
[AI] {Lynn} will request use cases and other agenda topics for the CAMP program. (21-Jul-06)
[AI] Contact {Lynn} if you identify additional functional requirements for your local project. (28-Apr)
[AI] {Bob} will send .htaccess local syntax to the group via the list.
[AI] {Group} will develop use cases for Signet.
[AI] {Minh} will develop a list of requirements for how Signet will interface with LDAP and Grouper.
[AI] {Lynn} will write up a person and function summary to express the relationship of privileges to roles and to determine what gets expressed in the eduPerson entitlement space.

Dave’s *Agenda*
1. Hibernate 3.2 migration status
2. Reassessment of 3rd-party library requirements
3. Proposed additions to i2mi-commons
4. Things left to do before release of Signet 1.2

*Discussion*
{Lynn} gave a brief synopsis of the Denver CAMP and the Fall 2006 Internet2 Member Meeting in Chicago. There were three consistent themes as a result of discussion: there is 1) an interest in engineering technical documentation for capabilities of API, more than for just the UI, 2) a need for integration points, and 3) a need for web services. For Signet, this translates to raw authorization for permissions; it would offer an Authorization style of web services.

{Tom} suggested that the self-assessment tool be forwarded to the EDUCAUSE Identity Management mailing list, with feedback collected. [AI] {Andrea} will float the self-assessment tool from CAMP, “A Look at Ourselves,” to the EDUCAUSE Identity Management mailing list, and request that people fill out & share their scores with her for a compilation.

{Lynn} reviewed the recent discussion (19-Dec) on Hibernate in the open-source context. The attendees agreed that their comfort level increased once they decided to have Hibernate do less. Their concern was related to the level of complexity for subjects and also persisted subjects – there are subjects with assignments, subjects who have grantors and grantees.

{Dave} said they will use a hybrid of DAO and Hibernate; it will mean more maintenance on the developers’ behalf, but it will actually simplify the code. {Tom} said Blair Christensen may restructure the Grouper code to incorporate DAO by the end of January. Blair was to test, though not for production, by swapping Hibernate with ObjectDB, which is an object implementation of a java database. {Dave} had asked if anyone had looked into the Java persistence layer. {Mike Douglass} of RPI was pleased with the ease of transition and urged others to also move to Hibernate 3.2.

The next release of Signet will be v1.2 and may or may not try to include the latest Hibernate version. They will need to look at the innards and documentation, while assessing the impact on existing code and timeline. Both Grouper and Signet will need to consider these things while thinking about moving to their next release. By the next Working Group call, {Lynn and Dave} ought to be able to announce a proposed date for the v1.2 release. [AI] {Jessica} will email the signet mailing lists to point out the wikis, documentation and upcoming changes, as well as to request feedback on format and content.

{Lynn} is hoping to share results of load performance, stress testing, and also Signet session. Connections are expensive, while sessions are cheap and should be open around any set of transactions. [AI] {Dave} will query the list for alternatives of connection and session pooling.

{Dave} has made a minor modification to the signet Subject API code to allow for extension of some of the classes, and has also extended the JDBC class and made it a part of Signet. That was done to support the multiple-values for an attribute for a subject. This change should have little impact on anyone using the Subject API. {Tom’s} request that this be placed back into the subject distribution was countered by the fact that it was only for a demonstration of that capability. It is specific to the database and memory model that they are using for Signet, though is not generic enough to be helpful to others. {Tom} insisted it would be great if it could be included in the distribution, and {Dave} said they would look into it. [AI] {Dave} will look into the Subject API and review the Signet specific JDBC source adapter to see if it is possible to have 2 alternative means to bring in subject attributes.

As a last topic, {Tom} shared an update about U. Chicago approving an integration with Signet. He explained how they do not have a fixed hierarchy and the structure is up to the business heads, without regard to the central structure. In order for delegate authority to be adopted, they will need some capability to adopt their structure along the lines in which they delegate. U. Chicago will be deploying Signet as an approval manager at first, not an authority manager aside from simple cases. {Tom} expressed interest in possibly having the Signet developers join these regular calls as they progress in their implementation.

The next Signet Working Group call will be on Friday, January 19, 2007 at 11am EDT.