MELISSA WOO, U OF OREGON, ANN WEST, INTERNET2
WHAT IS TIER? WEBINAR
MARCH 4, 2015

What is TIER?
Trust and Identity in Education and Research

What is TIER all about? -- The Environmental Context
• Federated Identity Management is essential for higher education
• But there are challenges
  – Individuals wish to retain digital identities across time and place
  – Trans-institutional collaborations and projects critical to scholarship
• None of the commercially-supported inter-organizational identity services provide the design, trust or global scale required for higher education

March 5, 2015 © 2013 Internet2

What is TIER all about? -- The Environmental Context, cont’d
• Many pieces are in place…
  – InCommon Federation
  – Shibboleth for SSO Authentication
  – Grouper for Authorization
• Many are evolving…
  – COmanage for Unified Administration
  – Privacy Lens for Discretionary Attribute Management
• But these pieces are…
  – not consistently organized
  – not readily interoperable
  – have no current mechanism for ongoing support and sustained development

TIER Unified Model
[Diagram. Labels, in the order they appear: Secure Directory, Identity and Metadata Services; Single Sign-on and Identity Components; AuthN (Who); Multi Factor; Multi-Level (Groups); Lightweight Workflow Services; Persistence and Replication; Automated Provisioning / Deprovisioning and Rules Enforcement; Federated Registry (Directory Search / Lookup); AuthZ (What); Business Rules Engine / Grammar; Metadata Registry Services; Network Objects (Files, Datasets, etc.); People; Files / Datasets; Nodes]

What is TIER all about? -- Summary
• Provide truly effective federated identity, attribute and authorization management
• Integrate the thinking of over a decade of community work in IAM
• Get it right, and make it coherent…
  – across the stack
  – across services
  – across institutions, organizations, groups
• Accelerate broad adoption and maturity of IAM across all participants
• Integrate existing components where possible
• Sustain development and support plan

Trust and Identity in Education and Research
TIER Evolution over Time
[Timeline diagram. Stages along the Time axis: Projects, Program, Initiative. Marker: "We are Here"]
• Identified the Community Need
• Identified the Need for A Call for Custodial and Ongoing (Sustaining) Support
• The outcome of workshops and community identified vignettes illustrating the desired results

Why is TIER important, now?
• Current development efforts that our Community is relying on don’t have a long-term sustainability model
• Increasing deployment of cloud services and need for interinstitutional collaboration requires a stable, integrated, community-wide platform and demands a re-engineered approach
• Varying degrees of maturity of identity management services across institutions provide timely opportunity to accelerate maturity and build coherence
• Attribute management (information about an identity) is as important as identity management

Why is TIER important, now?
• Risks of inaction
• This won’t get any easier or less complex
• Commercial services are being actively promoted in various deployment scenarios (e.g. research) thus increasing fragmentation of IAM Landscape
• Insufficient motivation for commercial services to get it right for Higher Education and Research

Maturity Model Concept
[Continuum diagram: Emerging, Established, Advanced]
• TIER will be architected to enable institutions positioned at different points on the IAM maturity model.
• The continuum is not absolute, and doesn’t correlate to an institution’s size.

TIER for institutions with advanced IAM infrastructure
• Choose which cloud or on-premises components are useful and connect into/deploy
• Participate in aligning your practices to the community-defined set to ensure researchers, faculty, staff and students have the most up to date ability to access resources

TIER for institutions looking to revamp what they have
• Use a complete solution in cloud or on-prem. Integrates best of the community thinking on identity
OR
• Leverage some of what you have and add pluggable components
• Participate in aligning your practices to the community-defined set to ensure researchers, faculty, staff and students have the most up to date ability to access resources

TIER Design, Development, Governance
• Consistent requirements gathering, design and execution cycle
• Multiple ways of contributing requirements, ideas and expertise
• Coordinated approach to enable Trust and Identity in Education and Research at scale for thousands of institutions and service providers while also satisfying diverse local use cases

Governance
• Structured as an Internet2 project
• TIER Community Investor Council
• Committees
  – InCommon Steering Committee (ICSC)
  – Service Development Steering Committee (SDSC)
  – External Relations Subcommittee (members from ICSC and SDSC)

Governance – TIER Community Investor Council
Klara Jelinkova     University of Chicago, InCommon
TBN                 University of Utah, Kuali
Dennis Cromwell     Indiana University, InCommon
Eric Denna          University of Maryland (also Kuali)
Tracy Futhey        Duke University
Chris Holmes        Baylor University, InCommon
Ron Kraemer         University of Notre Dame
Kevin Morooney      Penn State University (also Kuali)
John O’Keefe        Lafayette College (InCommon)
Kelli Trosvig       University of Washington (also Kuali)
Melissa Woo         University of Oregon, InCommon
Shel Waggener       Internet2

Funding
• Need Near-term Development and Sustaining
• Near-term: 42+ (more are welcome) schools signed up for a total of $75,000 each over three years ($25,000 annually)
  – Accelerate development work, with consistent packaging for deployment
• Sustaining (in analysis and development)
  – Dues increment for Internet2 members
  – Service subscription fees

Informing the Community & the Project
• Webinars
• 3 workshops (2 completed; #3 April 8-9, Tempe AZ)
  – CIOs and Identity Services Architects
  – Identify requirements, guiding principles, early thoughts about first deliverables, promote consistent expectations
• Documents available for public comment
  – Strawman Technical Roadmap
  – Case for TIER
  – State of TIER
• Website and mail lists – to be developed

Definition and Development
• Work with the Internet2 and InCommon communities to:
• Establish initial requirements coming out of workshops and other activities
• Propose first deliverables and publish for community review
• Develop decision, design, delivery and reporting process
  – Move from bootstrapping to first iteration of a scalable requirements gathering, prioritization, integration/development, and release process

Questions? Comments?
…and thank you for being on the call.