WHAT IS TIER? WEBINAR
MARCH 4, 2015
MELISSA WOO, U OF OREGON,
ANN WEST, INTERNET2
What is TIER? Trust and Identity in Education and Research
What is TIER all about? -- The Environmental Context
March 5, 2015 © 2013 Internet2
• Federated Identity Management is essential for higher education
• But there are challenges
  – Individuals wish to retain digital identities across time and place
  – Trans-institutional collaborations and projects critical to scholarship
• None of the commercially-supported inter-organizational identity services provide the design, trust or global scale required for higher education
What is TIER all about? -- The Environmental Context, cont’d
• Many pieces are in place…
  – InCommon Federation
  – Shibboleth for SSO Authentication
  – Grouper for Authorization
• Many are evolving…
  – COmanage for Unified Administration
  – Privacy Lens for Discretionary Attribute Management
• But these pieces are…
  – not consistently organized
  – not readily interoperable
  – have no current mechanism for ongoing support and sustained development
TIER Unified Model
Secure Directory, Identity and Metadata Services
Single Sign-on and Identity Components
AuthN (Who)
Multi Factor Multi-Level (Groups)
AuthZ (What)
Business Rules Engine / Grammar
Federated Registry (Directory Search / Lookup)
Network Objects (Files, Datasets, etc.)
People Files / Datasets Nodes
Metadata Registry Services
Persistence and Replication
Lightweight Workflow Services
Automated Provisioning / Deprovisioning and Rules Enforcement
What is TIER all about? -- Summary
• Provide truly effective federated identity, attribute and authorization management
• Integrate the thinking of over a decade of community work in IAM
• Get it right, and make it coherent…
  – across the stack
  – across services
  – across institutions, organizations, groups
• Accelerate broad adoption and maturity of IAM across all participants
• Integrate existing components where possible
• Sustain development and support plan
TIER Evolution over Time
Trust and Identity in Education and Research
Initiative • Identified the Community Need
Program • Identified the Need for A Call for Custodial and Ongoing (Sustaining) Support
Projects • The outcome of workshops and community identified vignettes illustrating the desired results
Time
We are Here
Why is TIER important, now?
• Current development efforts that our Community is relying on don’t have a long-term sustainability model
• Increasing deployment of cloud services and need for inter-institutional collaboration requires a stable, integrated, community-wide platform and demands a re-engineered approach
• Varying degrees of maturity of identity management services across institutions provide timely opportunity to accelerate maturity and build coherence
• Attribute management (information about an identity) is as important as identity management
Why is TIER important, now?
• Risks of inaction
• This won’t get any easier or less complex
• Commercial services are being actively promoted in various deployment scenarios (e.g. research) thus increasing fragmentation of IAM Landscape
• Insufficient motivation for commercial services to get it right for Higher Education and Research
Maturity Model Concept
TIER will be architected to enable institutions positioned at different points on the IAM maturity model.
• The continuum is not absolute, and doesn’t correlate to an institution’s size.
Emerging
Established
Advanced
TIER for institutions with advanced IAM infrastructure
• Choose which cloud or on-premises components are useful and connect into/deploy
• Participate in aligning your practices to the community-defined set to ensure researchers, faculty, staff and students have the most up-to-date ability to access resources
TIER for institutions looking to revamp what they have
• Use a complete solution in cloud or on-prem. Integrates best of the community thinking on identity OR
• Leverage some of what you have and add pluggable components
• Participate in aligning your practices to the community-defined set to ensure researchers, faculty, staff and students have the most up-to-date ability to access resources
TIER Design, Development, Governance
• Consistent requirements gathering, design and execution cycle
• Multiple ways of contributing requirements, ideas and expertise
• Coordinated approach to enable Trust and Identity in Education and Research at scale for thousands of institutions and service providers while also satisfying diverse local use cases
Governance
• Structured as an Internet2 project
• TIER Community Investor Council
• Committees
  – InCommon Steering Committee (ICSC)
  – Service Development Steering Committee (SDSC)
  – External Relations Subcommittee (members from ICSC and SDSC)
Governance – TIER Community Investor Council
• Klara Jelinkova: University of Chicago, InCommon
• TBN: University of Utah, Kuali
• Dennis Cromwell: Indiana University, InCommon
• Eric Denna: University of Maryland (also Kuali)
• Tracy Futhey: Duke University
• Chris Holmes: Baylor University, InCommon
• Ron Kraemer: University of Notre Dame
• Kevin Morooney: Penn State University (also Kuali)
• John O’Keefe: Lafayette College (InCommon)
• Kelli Trosvig: University of Washington (also Kuali)
• Melissa Woo: University of Oregon, InCommon
• Shel Waggener: Internet2
Funding
• Need Near-term Development and Sustaining
• Near-term: 42+ (more are welcome) schools signed up for a total of $75,000 each over three years ($25,000 annually)
  – Accelerate development work, with consistent packaging for deployment
• Sustaining (in analysis and development)
  – Dues increment for Internet2 members
  – Service subscription fees
Informing the Community & the Project
• Webinars
• 3 workshops (2 completed; #3 April 8-9, Tempe AZ)
  – CIOs and Identity Services Architects
  – Identify requirements, guiding principles, early thoughts about first deliverables, promote consistent expectations
• Documents available for public comment
  – Strawman Technical Roadmap
  – Case for TIER
  – State of TIER
• Website and mail lists – to be developed
Definition and Development
• Work with the Internet2 and InCommon communities to:
• Establish initial requirements coming out of workshops and other activities
• Propose first deliverables and publish for community review
• Develop decision, design, delivery and reporting process
  – Move from bootstrapping to first iteration of a scalable requirements gathering, prioritization, integration/development, and release process
Questions? Comments?
…and thank you for being on the call.