Time
S
Nick
Message
00:08 mbjones joined #dataverse
00:43 mbjones joined #dataverse
01:38 pdurbin_m joined #dataverse
02:32 searchbot joined #dataverse
02:40 pdurbin joined #dataverse
05:26 mbjones joined #dataverse
10:40 bencomp joined #dataverse
11:45 bencomp
pdurbin: I'm running into the problem of multiple accounts with the same username or email (https://redmine.hmdc.harvard.edu/issues/4090)
11:47 bencomp
and I would like to stress that duplicate usernames could happen when users update their profile
12:16 pdurbin
bencomp: you're running into this problem as you're playing around with Dataverse 4.0 at http://dataverse-demo.iq.harvard.edu ?
12:17 bencomp
pdurbin: good question, but no, in our production environment
12:18 pdurbin
interesting. I didn't know this problem affected DVN 3.x
12:19 bencomp
the way the federated login works doesn't help - wait… maybe it is all because of the federation
12:19 pdurbin
hmm. maybe
12:21 pdurbin
bencomp: today I'm hoping to deploy a war file built from your code with federated login
12:21 bencomp
cool, hope it'll work right away :)
12:22 pdurbin
me too :)
12:23 bencomp
I do find some issues in the account management for federated login
12:25 pdurbin
bencomp: like what?
12:28 bencomp
federated login looks for a user by email address
12:29 bencomp
normal login looks for a user by username
12:30 bencomp
it is both a feature and a bug; accounts can be pre-created by the librarian/front office, but since users can update their email address, they can make login break for others
12:31 bencomp
I'm not sure how to solve this one
12:39 pdurbin
bencomp: could federated login look for a user based on some unique identifier provided by the Identity Provider (IdP)?
12:39 bencomp
hmm, maybe add a username validation step: if account == federative (i.e. no password in DB ), then username must be email address
12:40 bencomp
and check for username instead of email
12:40 bencomp
there is none, other than email address
12:40 pdurbin
persistent-id:https://idp.testshib.org/idp/shibboleth!https://dvn-vm3.hmdc.harvard.edu/shibboleth!5HQ8MY1UftsM82eN3YvtQVAS7v0=
12:40 pdurbin
bencomp: I get that back from the TestShib IdP... a persistent-id
12:41 bencomp
let me check with Arnoud
12:41 pdurbin
ok
12:42 bencomp
(that may take a while, he's not in)
12:42 bencomp
need to talk to Eko too, so I don't expect a working solution today
12:42 pdurbin
no problem. and I'm out tomorrow and Friday (holiday here... Independence Day)
12:43 pdurbin
bencomp: you might be interested in this: updated UsersAndGroups.uml based on meeting with Michael and Raman · f5bd425 · IQSS/dataverse - https://github.com/IQSS/dataverse/commit/f5bd425ac5d7197a403da9718aaecdb75cb52dfe
12:43 bencomp
oh yes. alright
12:43 pdurbin
it's definitely a work in progress... but we continue to talk about how to design pluggable auth in Dataverse 4.0
12:44 pdurbin
my goal is to have a design to share with the dvn-auth group
12:45 pdurbin
before we start coding too much of it up
12:45 bencomp
great idea
12:45 pdurbin
if sbmarks were here, I'd show him that IP -based groups are in the design now
12:46 bencomp
is it forbidden to share github links via email? ;)
12:48 pdurbin
bencomp: hmm? :) of course not
12:50 pdurbin
oh. sure. I could email him. he'll probably show up here or on IM soon enough :)
12:50 bencomp
that's what i meant :)
12:50 bencomp
brb
12:54 sbmarks joined #dataverse
12:55 pdurbin
sbmarks: speak of the devil
12:55 pdurbin
bencomp: see? told ya
12:55 sbmarks
;)
12:55 sbmarks
pdurbin: a little prompting does wonders
12:56 pdurbin
sbmarks: it's your fault for not blocking me on IM
12:57 pdurbin
sbmarks: any thoughts on the persistent-id thing?
12:58 pdurbin
LyndsySimon: you know about Shibboleth
12:59 sbmarks
pdurbin: refresh my memory? it’s been a long canada day weekend....
13:03 pdurbin
sbmarks: in the code from bencomp's group the Shibboleth IdP provides the email address of the user and that's how the lookup for the user is done inside Dataverse. I was wondering if instead the lookup could be done by some unique identifier provided by the IdP. The TestShib IdP provides something called "persistent-id".
13:04 pdurbin
i.e. https://idp.testshib.org/idp/shibboleth!https://dvn-vm3.hmdc.harvard.edu/shibboleth!5HQ8MY1UftsM82eN3YvtQVAS7v0=
13:04 bencomp
pdurbin: it would mean that the id must be stored in the DB
13:05 pdurbin
yep. but that's fine
13:05 pdurbin
I would think
13:05 pdurbin
I mean, people's email addresses change... they get married, etc.
13:05 mbjones joined #dataverse
13:05 pdurbin
gotta look up by something unique
13:05 bencomp
currently the schema is the same as the vanilla schema
13:07 pdurbin
bencomp: right. no db changes. so we should be able to deploy that war
13:07 pdurbin
bencomp: really I'm talking about the 4.0 code base where we can change all sorts of things
13:07 bencomp
I get it. But we need a shorter-term solution too :)
13:08 pdurbin
bencomp: once we have Shibboleth at least half working in 4.0 I'd love for you to try it out :)
13:08 bencomp
I see SURFconext provides a persistent ID too
13:08 bencomp
https://wiki.surfnet.nl/display/surfconextdev/Attributes+in+SURFconext
13:10 bencomp
and that not all institutions may supply all attributes
13:10 bencomp
I think email addresses don't change here when people get married
13:10 pdurbin
I'm hearing about something called EPTID too. eduPersonTargetedID
13:11 pdurbin
or divorced
13:12 bencomp
EPTID, that's it
13:12 pdurbin
looks a lot like persistent-id from examples at http://support.aaf.edu.au/entries/22557828-Integrating-eduPersonTargetedID-EPTID-into-applications
13:13 bencomp
hm, I guess email address changes after divorce may happen, though I think at my old uni people usually have their own name to begin with
13:16 pdurbin
bencomp: anyway, thanks for bringing this up
13:16 pdurbin
maybe it's time for a Google Doc to collect all the requirements
13:17 bencomp
pdurbin: you're very welcome, thanks for pointing out EPTID
13:17 pdurbin
or edge cases to think about
13:18 pdurbin
bencomp: you can thank Kevin Foote for that
13:19 bencomp
KevinFoote++
13:19 bencomp
@karma
13:19 pdurbin
heh
13:20 bencomp
hmm, this isn't #code4lib
13:20 * pdurbin
eyes iqlogbot and searchbot
14:00 LyndsySimon
Working with Shibboleth, I treated the persistent-id field as a durable guid for the identity.
14:01 jwhitney joined #dataverse
14:02 LyndsySimon
It's conceptually roughly like the Twitter screen_name versus id: https://dev.twitter.com/docs/api/1.1/get/account/verify_credentials
14:03 LyndsySimon
It's possible to change your Twitter screen_name, but if you do you're still the same identity, logging in with the same password. Likewise, a user may change their email address with a Shibboleth IdP but would retain the identity when doing so.
14:30 pdurbin
LyndsySimon: right, you'd always want to use the id rather than the screen_name, which can change
14:31 pdurbin
bencomp: oh, so we were able to deploy the war file just fine. now to configure shibboleth, front glassfish with apache, etc
14:31 bencomp
pdurbin: nice :)
14:32 pdurbin
bencomp: do you know if we can just use a self-signed SSL cert?
14:33 bencomp
pdurbin: btw, did you see the DANS-KNAW/dvn repo? we're working on a more structured way of code review and deploying
14:33 bencomp
ehm, not sure
14:33 pdurbin
no...
14:34 pdurbin
searchbot: lucky DANS-KNAW/dvn github
14:34 searchbot
pdurbin: https://groups.google.com/d/topic/dataverse-community/iLs3HXbeU1E
14:34 * pdurbin
smacks searchbot
14:34 bencomp
I think you can, but doesn't testshib say anything about it?
14:34 pdurbin
yeah, it's more of a testshib question. I'll figure it out
14:35 bencomp
https://github.com/DANS-KNAW/dvn
14:35 pdurbin
hmm. I have not seen this
14:35 pdurbin
bencomp: is this where we should be building the war from?
14:35 jwhitney joined #dataverse
14:36 jwhitney1 joined #dataverse
14:37 bencomp
yes, this should be the code that we deployed - but note "should", we're almost in sync
14:37 pdurbin
I'm confused but that's ok
14:38 pdurbin
bencomp: "code from" at https://docs.google.com/document/d/1EYsCIjScrTN3aetBmFW19jZYlIWf2FtvnWa6otp8aaY/edit?usp=sharing says https://github.com/ekoi/dvn/tree/develop-shib right now
14:38 pdurbin
but we can change it
14:39 bencomp
pdurbin: it's mostly for me to get less confused about the commit we built from
14:40 pdurbin
bencomp: I'm happy to build from which ever repo and branch you want
14:42 axfelix joined #dataverse
14:43 bencomp
let me write it up in an email. my goal is to use the develop-shib branch on the DANS repo used for our acceptance server https://act.dataverse.nl and a master or master-shib branch for production builds
14:45 pdurbin
bencomp: perfect. you can send it to https://lists.iq.harvard.edu/mailman/listinfo/dvn-auth if you want
14:45 pdurbin
or just reply on the thread
14:46 pdurbin
"running the DANS Shibboleth code"
14:50 pdurbin
bencomp: I'm off to a meeting with jwhitney1 and axfelix in a few minutes
14:51 bencomp
I'm off for sushi in ~40 minutes
14:51 bencomp
muhahaha
14:52 bencomp
sorry :P
14:53 garnett joined #dataverse
14:53 * pdurbin
wants sushi
14:54 bencomp
pdurbin: will not save you some ;) email will come, but until then current repo/branch is fine to build from and pull requests are welcome
14:56 pdurbin
bencomp: no problem. here, I just made the jenkins job public so you can see where each build came from: https://build.hmdc.harvard.edu:8443/job/dvn36shibdans/
14:58 bencomp
oh, the joy of firewalls… can't connect to :8443 on the default network, but I cannot SSH to the servers on the other networks...
14:59 bencomp
will have to checkout the Jenkins later
15:08 pdurbin
axfelix: you run linux on your desktop too?
15:08 * pdurbin
swoons
15:18 axfelix
pdurbin: I do :)
15:29 * pdurbin
runs Fedora at home
15:30 axfelix
I'm not a big fan of RPM these days but I like that they actually ship up to date Gnome 3 since so few big distros do and it's so nice
15:34 garnett joined #dataverse
15:52 pdurbin
well, redhat leads gnome development, from what I can tell
15:54 pdurbin
axfelix: hey so, I didn't want to interrupt you further while you were presenting (thanks!) but I did want to ask you and jwhitney1 (and jeffspies_ and LyndsySimon) if you actually use the "deaccession" functionality in the Dataverse Data Deposit API
15:55 pdurbin
the reason I ask is that we're thinking about dropping support for it in that SWORD-based API (it would be moved to the "native" API)
15:55 pdurbin
I put a note about this at https://docs.google.com/document/d/11DpdKyp1tagmaJAAzRqQBEZEZ69WOOOYsoqhz8UsfNM/edit?usp=sharing
16:01 jwhitney1
The plugin doesn't *not* support deaccessioning, alhtough I think in practice it's unlikely to be used much.
16:01 pdurbin
jwhitney1: so you do expose a "deaccession" button?
16:02 jwhitney1
No, but a delete & a deaccession are the same from the plugin's point of view. If an article with attached data set is deleted in OJS after the dataset's been released, it's deaccessioned.
16:03 pdurbin
hmm. interesting. yes, I see here at least a comment about deaccessioning under the deleteStudy method: https://github.com/jwhitney/dataverse/blob/9e36cf1881dda4dfb06717da0e2d99de0b86a811/DataversePlugin.inc.php#L1295
16:03 jwhitney1
But it's fine if you want to drop support, since it seems to be outside the typical workflow (article accepted, then rejected, then deleted. Or published, then deleted).
16:04 pdurbin
published, then deleted? I'm confused by that part
16:05 jwhitney1
Yeah, it's unlikely. Published, then unpublished, then deleted.
16:06 pdurbin
ok. lemme send this chat log around to folks that were in the deaccessioning meeting. thanks
16:06 jwhitney1
The SWORD library's been updated to include error messages returned by the server, so the plugin can warn when trying to deaccession a dataset.
16:07 pdurbin
cool. in this case I was planning on thowing an error like "deacessioning is not supported. please the native api instead" (or whatever)
16:08 pdurbin
s/the/use the/
16:10 pdurbin
jeffspies_: how about OSF? I guess I could try it myself but then I'd have to make a real account on our production system :( . Do you allow deaccessioning of Dataverse studies via your add-on?
16:12 pdurbin
LyndsySimon: er. you've been active in here today. maybe you can nudge Robert for me? :)
16:12 LyndsySimon
Sure think.
16:12 LyndsySimon
thing*
16:12 pdurbin
\o/
17:20 jwhitney joined #dataverse
21:02 axfelix joined #dataverse
22:48 axfelix joined #dataverse
