Skip to end of metadata
Go to start of metadata

Logistics

Date and Time: April 12, 3-4 pm Eastern Time
Conference Dial-in Number: (218) 844-0850
Participant Access Code: 429965#
Facilitator: Eric Westfall

Agenda

  1. Roll-call - Eric Westfall
  2. Kuali Rice Implementation updates that anyone would like to share? - Eric Westfall
  3. Strategies for Securing web services over KSB and SOAP. - Warren Liang
  4. Kuali Rice Source Repository Usage - Casey Boettcher
  5. Improved Split Node Customization - Tim Carroll
  6. Additional agenda items?
  7. Future meetings topics?

Notes

Attendees

  • Eric Westfall - IU
  • Saurabh Ajmera - IU
  • Ailish Byrne - IU
  • Garey Taylor - UMD
  • Chris Hyzer - Penn
  • Jeremy Hanson - Iowa State
  • William Balderamos - Innovativ
  • Ron Splitgerber - CSU
  • Jonathan Keller - UC Davis
  • Warren Liang - UC Irvine
  • Farooq Sadiq - Kuali Foundation
  • Dan Seibert - UC San Diego
  • Aaron Hamid - Cornell

Strategies for Securing web services over KSB and SOAP. - Warren Liang

  • Warren - what we did at UCI was put rice into a quasi production mode to secure access to HR documents
    • what we want to do is prevent one application from being able to modify another applications roles, permissions, etc. via the KIM api
    • as we bring more applications to use the soap services provided by Rice, wondering how we can keep other departments from changing other departments roles and permissions
  • Eric - ah, yeah the KIM services really don't have the ability to get that fine-grained with authorization internally
    • one solution would be to "front" your KIM services with another service that provides that capability
  • Warren - is there a way to stop the ksbexporters from exporting? There are no bean ids in the spring files
    • Eric - the fact that there are no bean ids in there is a problem
      • we dealt with that here at IU by "patching" the delivered Rice spring files, not pretty but it works

Kuali Rice Source Repository Usage - Casey Boettcher

  • Casey is interested in learning how institutions are pulling rice code from the subversion repositories
  • Ailish - we have a process where our deployments check out KFS from the subversion repository as part of our build processes, but it doesn't do anything with the Rice repository
  • William - is it just the tags branches that you are looking at? sometimes i'll use the "branches" of Rice to see what the history was on certain changesets in order to do an upgrade process
    • understanding where the history is from subversion is pretty useful to me but I don't think that's related to Rice tags in SVN
  • Leo - currently getting our Rice distribution from rSmart (not anyone from rSmart on the call), so if any related changes here affected their process that would impact us
  • Aaron Hamid - we basically use the war overlay mechanism in Maven to grab a vanilla version of Rice with patches and whatnot to overlay on top of vanilla war
    • then we deploy our branded war
    • for KFS we have a project that pulls the built source and pulls that into the maven world and create an overlay
  • Farooq - I will send an email to the collab list and follow up with rSmart as well
  • Eric - regarding project layout and setup for a Rice implementation, how are others doing it?
    • at IU we have a project that we check in a copy of the Rice delivered standalone server war into
    • from there we have various source, web content, and library "patches" that we apply to that WAR to build the final IU war for deployment
    • we also have a process that builds out client libraries including all of our local customizations and patches
    • we don't use Maven at all at IU so it's all Ant-based
  • Chris - has anyone ever asked if the rice config and log4j can be put inside the war instead of being external
    • biggest thing to think about would be security here
    • at IU at least we aren't allowed to know the production database passwords
    • Chris - I'm actually still wanting to have some files external, but most of them in the war
  • Eric - we kind of do this, we have an internal rice-config.xml that we load from the classpath for common things that don't need to be overridden
    • Chris - we might be looking for something like what eric is describing
      • Eric - I will try and share with the list
  • Garey - at Maryland they've been talking about using JBoss and using the external configured stuff
    • Eric - I would be interested to hear how that is going
      • Garey - not so well, basically some weird classpath issues with Jboss, i will try and get the info together and share

Improved Split Node Customization - Tim Carroll

  • Tim is interested in looking at developing more customizable split nodes
  • Anyone who is interested in participating in brainstorming some ideas about this, let me know.

Future Agenda Items?

Dan - future agenda item, running KIM standalone
Ron - at some point it would be interesting to collaborate on federated

  • UC Davis - we are starting to talk about it because we may need to start talking about integrating with some of our other campuses
  • UCSD would also be interested in that conversation as well
  • Eric - if anyone is interested in leading a separate discussion group on this, please let me know
  • Eric - send link to the JA-SIG presentation on KIM

Action Items

  1. Eric - share what we are doing at IU to load internal rice configuration from the classpath
  2. Garey - share any information on issues they are having getting Rice to work in JBoss
  3. All - let Eric know if you are interested in collaborating on customizable split node configuration
  4. All - let Eric know if you are interested in participating in or leading an group to discuss strategies for federated identity and Kuali apps/KIM
  5. Eric - send a link to JA-SIG presentation on KIM
  • No labels