
WHAT IS TIER? WEBINAR

MARCH 4, 2015

MELISSA WOO, U OF OREGON,

ANN WEST, INTERNET2

What is TIER? Trust and Identity in Education and Research


What is TIER all about? -- The Environmental Context

March 5, 2015 © 2013 Internet2

•  Federated Identity Management is essential for higher education

•  But there are challenges
   –  Individuals wish to retain digital identities across time and place
   –  Trans-institutional collaborations and projects critical to scholarship

•  None of the commercially-supported inter-organizational identity services provide the design, trust or global scale required for higher education


What is TIER all about? -- The Environmental Context, cont’d


•  Many pieces are in place…
   –  InCommon Federation
   –  Shibboleth for SSO Authentication
   –  Grouper for Authorization

•  Many are evolving…
   –  COmanage for Unified Administration
   –  Privacy Lens for Discretionary Attribute Management

•  But these pieces are…
   –  not consistently organized
   –  not readily interoperable
   –  have no current mechanism for ongoing support and sustained development


TIER Unified Model

Secure Directory, Identity and Metadata Services

Single Sign-on and Identity Components

AuthN (Who)

Multi Factor | Multi-Level (Groups)

AuthZ (What)

Business Rules Engine / Grammar

Federated Registry (Directory Search / Lookup)

Network Objects (Files, Datasets, etc.)

People | Files / Datasets | Nodes

Metadata Registry Services

Persistence and Replication

Lightweight Workflow Services

Automated Provisioning / Deprovisioning and Rules Enforcement


What is TIER all about? -- Summary


•  Provide truly effective federated identity, attribute and authorization management

•  Integrate the thinking of over a decade of community work in IAM

•  Get it right, and make it coherent…
   –  across the stack
   –  across services
   –  across institutions, organizations, groups

•  Accelerate broad adoption and maturity of IAM across all participants

•  Integrate existing components where possible

•  Sustain development and support plan


TIER Evolution over Time

Trust and Identity in Education and Research

•  Initiative: Identified the Community Need

•  Program: Identified the Need for A Call for Custodial and Ongoing (Sustaining) Support

•  Projects: The outcome of workshops and community identified vignettes illustrating the desired results

Time

We are Here


Why is TIER important, now?


•  Current development efforts that our Community is relying on don’t have a long-term sustainability model

•  Increasing deployment of cloud services and need for inter-institutional collaboration requires a stable, integrated, community-wide platform and demands a re-engineered approach

•  Varying degrees of maturity of identity management services across institutions provide timely opportunity to accelerate maturity and build coherence

•  Attribute management (information about an identity) is as important as identity management


Why is TIER important, now?


•  Risks of inaction

•  This won’t get any easier or less complex

•  Commercial services are being actively promoted in various deployment scenarios (e.g. research) thus increasing fragmentation of IAM Landscape

•  Insufficient motivation for commercial services to get it right for Higher Education and Research


Maturity Model Concept

TIER will be architected to enable institutions positioned at different points on the IAM maturity model.

•  The continuum is not absolute, and doesn’t correlate to an institution’s size.

Emerging

Established

Advanced


TIER for institutions with advanced IAM infrastructure


•  Choose which cloud or on-premises components are useful and connect into/deploy

•  Participate in aligning your practices to the community-defined set to ensure researchers, faculty, staff and students have the most up to date ability to access resources


TIER for institutions looking to revamp what they have


•  Use a complete solution in cloud or on-prem. Integrates best of the community thinking on identity

OR

•  Leverage some of what you have and add pluggable components

•  Participate in aligning your practices to the community-defined set to ensure researchers, faculty, staff and students have the most up to date ability to access resources


TIER Design, Development, Governance


•  Consistent requirements gathering, design and execution cycle

•  Multiple ways of contributing requirements, ideas and expertise

•  Coordinated approach to enable Trust and Identity in Education and Research at scale for thousands of institutions and service providers while also satisfying diverse local use cases


Governance

•  Structured as an Internet2 project

•  TIER Community Investor Council

•  Committees
   –  InCommon Steering Committee (ICSC)
   –  Service Development Steering Committee (SDSC)
   –  External Relations Subcommittee (members from ICSC and SDSC)


Governance – TIER Community Investor Council

•  Klara Jelinkova, University of Chicago, InCommon
•  TBN, University of Utah, Kuali
•  Dennis Cromwell, Indiana University, InCommon
•  Eric Denna, University of Maryland (also Kuali)
•  Tracy Futhey, Duke University
•  Chris Holmes, Baylor University, InCommon
•  Ron Kraemer, University of Notre Dame
•  Kevin Morooney, Penn State University (also Kuali)
•  John O’Keefe, Lafayette College (InCommon)
•  Kelli Trosvig, University of Washington (also Kuali)
•  Melissa Woo, University of Oregon, InCommon
•  Shel Waggener, Internet2


Funding

•  Need Near-term Development and Sustaining

•  Near-term: 42+ (more are welcome) schools signed up for a total of $75,000 each over three years ($25,000 annually)
   –  Accelerate development work, with consistent packaging for deployment

•  Sustaining (in analysis and development)
   –  Dues increment for Internet2 members
   –  Service subscription fees


Informing the Community & the Project

•  Webinars

•  3 workshops (2 completed; #3 April 8-9, Tempe AZ)
   –  CIOs and Identity Services Architects
   –  Identify requirements, guiding principles, early thoughts about first deliverables, promote consistent expectations

•  Documents available for public comment
   –  Strawman Technical Roadmap
   –  Case for TIER
   –  State of TIER

•  Website and mail lists – to be developed


Definition and Development

•  Work with the Internet2 and InCommon communities to:

•  Establish initial requirements coming out of workshops and other activities

•  Propose first deliverables and publish for community review

•  Develop decision, design, delivery and reporting process
   –  Move from bootstrapping to first iteration of a scalable requirements gathering, prioritization, integration/development, and release process


Questions? Comments?

…and thank you for being on the call.
