Notes: TIER Ad Hoc Advisory call Dec. 18, 2015
Attending:
Tom Barton
Nick Roy - InCommon/Internet2
Paul Caskey - Internet2
Helen Patton
Nate Klingenstein
Keith Hazelton
Ken Klingenstein
Ann West
Jacob Farmer
Emily Eisbruch
regrets: JimJ, SteveZ
New Action Items
[AI] (Keith) research ForgeRock OpenIDM and report back
[AI] (Nick) ask Leif re Person Registry (DONE)
[AI] (SteveZ) dig out and share TIER requirements regarding person registry
[AI] (Emily) add an additional off-week call for this TIER Ad Hoc Advisory Group on Friday, Jan 8, 2016 at 3pm ET (topics: CAPE charter and person registry). This is to make up for the call missed due to the New Year's holiday.
Carry Over Action Items
[AI] (SteveZ) draft charter for TIER Instrumentation/Measurement working group; Jacob will also work on it
[AI] (Tom, Ann, DavidW, MikeZ) meet to move forward on the Doc Stewardship doc
Update: call took place Friday, Dec. 18 at noon.
David Walker doing good work on the plan.
A follow up call and docs to review planned for January 2016
TIER Person Registry
Review purpose/value of a TIER Person Registry (very briefly, be sure we’re on same page)
On list of deliverables for TIER R2, end of 2016
Discuss criteria for (1) qualifying a candidate and for (2) selecting from among qualified candidates
Qualifying:
No license burden
Capable of running on several different database platforms, generally diverse technical environment
Not a dead product already
Selection:
Capable of large enterprise scale
Capable of complying with TIER API
Degree of compliance with some TIER-curated set of requirements (drawing on, e.g., Florida’s, CIFER API, TIER Functional Requirements)
Lends itself to the packaging environment
Ability to integrate with existing person match, and/or limited built-in person match implementation using configurable match criteria
Review the actual candidates
CommIT
Con: unique, almost the same as greenfield
Pro: has a provisioning engine based on ActiveMQ, probably similar to Grouper prov work done by CMU;
CommIT ActiveMQ feeds an LDAP directory, keeps it in sync with Person Registry; LDAP used by AuthN service.
COmanage
Pros
Quick look (Spherical Cow Group) shows “about 90% compliance” with CIFER API
Strong ID match API, a PoC implementation of the API has been done for UC Berkeley(?)
Cons
might be optimized for small scale (VOs)
may take some work to support enterprise scale
Penn State CPR
Pros
Penn State uses it in production
Apache 2.0 license
Cons
Unknown, needs fresh assessment
#FTE to make it fly
Rutgers OpenRegistry
This is a dead project - Nyet
greenfield build
Most expensive way to get this done, in general
Is this really most expensive? Scaling something like COmanage may be quite expensive, for example. Just want to be sure we don’t dismiss out of hand.
any others?
Solicit from community only if there are no feasible options above
ForgeRock OpenIDM? (AI: Keith do research on ForgeRock OpenIDM and report back)
Has Leif written something? Probably highly purpose built (AI: Nick to ask Leif re Person Registry)
Who else needs to have a voice in the outcome?
Component Architects Group?
Core interconnectivity/provisioning requirements
Person + principal registry / other core concepts
Are we really just advising CAG?
Florida/Duke/UWisc want to collab on a new PR for themselves. Might work for T shirts and produce requirements
Recommend process from here
Complete AIs
Give CAG feedback from this discussion plus AI results
Ask CAG to consult with Florida/Duke/UWisc on the above, perform assessment of COmanage and PSU CPR against those yardsticks
Keith: need to manage expectations for TIER Release 1
Tom: On the strawman TIER roadmap, Person Registry was not in TIER Release 1.
It’s in Release 2, in Dec. 2016
But worth starting work on the Person Registry ASAP
[AI] (SteveZ) dig out and share TIER requirements regarding person registry
TIER Working Groups - Brief updates
See TIER Working Group wiki page for links
Packaging: JimJ (absent)
Data Structures and APIs: KeithH
Always Up-to-Date WG Info: Cumulative meeting notes doc
Couple dozen attendees of WG meetings via Bluejeans
Clemson crew to do a webinar in January on their evolving “Adaptive Framework”
Group APIs update
Representations of the three most basic operations involving groups
group.getMembers()
person.getGroups()
person.isMemberOf(group)
Swagger 2.0 representation of VOOT2 basic API operations: ¾ done
Swagger 2.0 representation of basic API operations in SCIM: target: Dec. 23, 2015
Recommendations on comparable Grouper API definitions: target: Jan. 15
Person Registry APIs update
Duke, Univ. of Florida and UW-Madison are all on the verge of launching Identity Registry modernization projects. The three institutions have agreed to work with each other and with the TIER Data Structures and APIs WG
to define a set of shared, interoperable core API operations
to recommend that the future TIER Identity Registry project implement these core API operations
Security and Audit: HelenP
Helen met with SteveZ to get big picture
SteveZ mentioned sustainability
Helen is interested in knowing how the Security and Audit WG can provide value to each of the other Working Groups, where is help needed?
the current charter discussed first steps only
Helen may propose tweaks to the charter
Soliciting folks to participate in Working Group
Plans to do inventory of skills of those who will be on the Security WG
First WG call planned for January
Component Architects: SteveZ
Consent update: Ken
TIER WG support - use COmanage?
Logistical framing for CAPE Charter
Select editor(s)
TomB, Ann, Keith
Identify consultants and stakeholders
Official Curmudgeons
Scott Koranda (and potential editor)
Jill Gemmill
Licia Florena
Valter Nordh
Ann Harding
Leif
TCIC
TAC
Internet2 T&I leadership
CAG
InCommon Steering
... and then ...
Public review process
Define process to move this along toward approved status, including time frames
Get through the groups above “... and then ...” by end of February
webinar to kick off public review period
[March] 4 weeks public review
[1st half April] accommodate review feedback
[2nd half April] blessing by TCIC/PAG/Steering and/or Internet2 T&I leadership (pick 1!)
Announce at Global Summit in Chicago, May 15-18, 2016
A little substantive discussion for benefit of editors
constituencies
transparency mechs
modus operandi
document processes
else?
TIER Roadmap
Do we need to update the strawman roadmap produced more than a year ago?
***** special off week call****
[AI] (Emily) add an off-week call for this TIER Ad Hoc Advisory Group on Friday, Jan 8, 2016 at 3pm ET (topics: CAPE charter and person registry)
Next regular call: Friday, Jan 15, 2016 at 3pm ET