Notes: TIER Ad Hoc Advisory call Dec. 18, 2015

 

wiki for this group

 

Attending:

Tom Barton

Nick Roy - InCommon/Internet2

Paul Caskey - Internet2

Helen Patton

Nate Klingenstein

Keith Hazelton

Ken Klingenstein

Ann West

Jacob Farmer

 Emily Eisbruch

regrets: JimJ, SteveZ

 

New Action Items

 

[AI] (Keith) research ForgeRock OpenIDM and report back

[AI] (Nick) ask Leif re Person Registry (DONE)

[AI] (SteveZ) dig out and share TIER requirements regarding person registry

[AI] (Emily) add an additional off-week call for this TIER Ad Hoc Advisory Group on Friday, Jan 8, 2016 at 3pm ET (topics: CAPE charter and person registry). This is to make up for the call missed due to the New Year's holiday.

Carry Over Action Items

  

[AI] (SteveZ) draft charter for TIER Instrumentation/Measurement working group; Jacob will also work on it

[AI] (Tom, Ann, DavidW, MikeZ) meet to move forward on the Doc Stewardship doc

  • Update: call took place Friday, Dec. 18 at noon. David Walker doing good work on the plan. A follow-up call and docs to review planned for January 2016.

     

 

TIER Person Registry

 

  • Review purpose/value of a TIER Person Registry (very briefly, be sure we’re on same page)

    • On list of deliverables for TIER R2, end of 2016

  • Discuss criteria for (1) qualifying a candidate and for (2) selecting from among qualified candidates

 


 

  • Qualifying:

    • No license burden

    • Capable of running on several different database platforms, generally diverse technical environment

    • Not a dead product already

 


 

  • Selection:

    • Capable of large enterprise scale

    • Capable of complying with TIER API

    • Degree of compliance with some TIER-curated set of requirements (drawing on, e.g., Florida’s, CIFER API, TIER Functional Requirements)

    • Lends itself to the packaging environment

    • Ability to integrate with existing person match, and/or limited built-in person match implementation using configurable match criteria

 


 

  • Review the actual candidates

    • CommIT

      • Con: unique, almost the same as greenfield

      • Pro: has a provisioning engine based on ActiveMQ, probably similar to Grouper prov work done by CMU;

      • CommIT ActiveMQ feeds an LDAP directory, keeps it in sync with Person Registry; LDAP used by AuthN service.

    • COmanage

      • Pros

        • Quick look (Spherical Cow Group) shows “about 90% compliance” with CIFER API

        • Strong ID match API, a PoC implementation of the API has been done for UC Berkeley(?)

      • Cons

        • might be optimized for small scale (VOs)

        • may take some work to support enterprise scale

    • Penn State CPR

      • Pros

        • Penn State uses it in production

        • Apache 2.0 license

      • Cons

        • Unknown, needs fresh assessment

        • #FTE to make it fly

    • Rutgers OpenRegistry

      • This is a dead project - Nyet

    • greenfield build

      • Most expensive way to get this done, in general

        • Is this really most expensive?  Scaling something like COmanage may be quite expensive, for example. Just want to be sure we don’t dismiss out of hand.

    • any others?

      • Solicit from community only if there are no feasible options above

      • ForgeRock OpenIDM? (AI: Keith do research on ForgeRock OpenIDM and report back)

      • Has Leif written something?  Probably highly purpose built (AI: Nick to ask Leif re Person Registry)

 


 

  • Who else needs to have a voice in the outcome?

    • Component Architects Group?

      • Core interconnectivity/provisioning requirements

      • Person + principal registry / other core concepts

      • Are we really just advising CAG?

    • Florida/Duke/UWisc want to collab on a new PR for themselves. Might work for T shirts and produce requirements

  • Recommend process from here

    • Complete AIs

    • Give CAG feedback from this discussion plus AI results

    • Ask CAG to consult with Florida/Duke/UWisc on the above, perform assessment of COmanage and PSU CPR against those yardsticks

 


 

Keith: need to manage expectations for TIER Release 1

 

Tom: On the strawman TIER roadmap, Person Registry was not in TIER Release 1.

 

It’s in Release 2, in Dec. 2016

 

But worth starting work on the Person Registry ASAP

 



 

[AI] (SteveZ) dig out and share TIER requirements regarding person registry

 

TIER Working Groups - Brief updates

 

See TIER Working Group wiki page for links

 

  • Packaging: JimJ (absent)

  • Data Structures and APIs: KeithH

    • Always Up-to-Date WG Info: Cumulative meeting notes doc

    • Couple dozen attendees of WG meetings via Bluejeans

    • Clemson crew to do a webinar in January on their evolving “Adaptive Framework”

    • Group APIs update

      • Representations of the three most basic operations involving groups

        • group.getMembers()

        • person.getGroups()

        • person.isMemberOf(group)

      • Swagger 2.0 representation of VOOT2 basic API operations: ¾ done

      • Swagger 2.0 representation of basic API operations in SCIM: target: Dec. 23, 2015

      • Recommendations on comparable Grouper API definitions: target: Jan. 15

    • Person Registry APIs update

      • Duke, Univ. of Florida and UW-Madison are all on the verge of launching Identity Registry modernization projects. The three institutions have agreed to work with each other and with the TIER Data Structures and APIs WG

        • to define a set of shared, interoperable core API operations

        • to recommend that the future TIER Identity Registry project implement these core API operations

  • Security and Audit: HelenP

    • Helen met with SteveZ to get big picture

    • SteveZ mentioned sustainability

    • Helen is interested in knowing how the Security and Audit WG can provide value to each of the other Working Groups, where is help needed?

    • the current charter discussed first steps only

    • Helen may propose tweaks to the charter

    • Soliciting folks to participate in Working Group

    • Plans to do inventory of skills of those who will be on the Security WG

    • First WG call planned for January

  • Component Architects: SteveZ

  • Consent update: Ken

  • TIER WG support - use COmanage?

 

Logistical framing for CAPE Charter 

 

  • Select editor(s)

    • TomB, Ann, Keith

  • Identify consultants and stakeholders

    • Official Curmudgeons

      • Scott Koranda (and potential editor)

      • Jill Gemmill

      • Licia Florena

      • Valter Nordh

      • Ann Harding

      • Leif

    • TCIC

    • TAC

    • Internet2 T&I leadership

    • CAG

    • InCommon Steering

    • ... and then ...

    • Public review process

  • Define process to move this along toward approved status, including time frames

    • Get through the groups above “… and then …“ by end of February

    • webinar to kick off public review period

    • [March] 4 weeks public review

    • [1st half April] accommodate review feedback

    • [2nd half April] blessing by TCIC/PAG/Steering and/or Internet2 T&I leadership (pick 1!)

    • Announce at Global Summit in Chicago, May 15-18, 2016

  • A little substantive discussion for benefit of editors

    • constituencies

    • transparency mechs

    • modus operandi

    • document processes

    • else?

 

TIER Roadmap

 

  • Do we need to update the strawman roadmap produced more than a year ago?

 


 

***** Special off-week call *****

[AI] (Emily) add an off-week call for this TIER Ad Hoc Advisory Group on Friday, Jan 8, 2016 at 3pm ET (topics: CAPE charter and person registry)

 

 

 

Next regular call: Friday, Jan 15, 2016 at 3pm ET

 


 

 

 
