InCommon Steering Committee Minutes - May 7, 2018
Global Summit F2F
Attending: Brett Bieber, Pankaj Shah, Sean Reynolds, Ted Hanss, Mark Scheible, Michael Gettes, Melissa Woo, Ann West, Laura Paglione, Klara Jelinkova, Mike Erickson, Marty Ringle
With: Mike Zawacki, Kevin Morooney
Kevin provided background on the Trust/Identity PAG agendas to date. They have reviewed the Trust and Identity service portfolio (late last year) and the Trust and Identity business model over the last couple of months. Last month, they discussed some of the funding needs as the three-year TIER investment winds down.
Investment in the TIER components (primarily Shibboleth, Grouper, and COmanage) increased in two ways. In 2016, Internet2 increased member dues and increased its annual allocation to trust/identity software development from about $900,000 annually to $1,650,000 annually. Coincidentally, the TIER investor schools’ three-year commitment also started in 2016, providing $1,250,000 annually for three years. As a result, software engineering and development funding totalled $2,900,000 annually for 2016, 2017, and 2018. (Note that these numbers are only for software development, not all of trust and identity. The InCommon fees, for example, are not part of this.)
During this time, TIER core components have expanded and now include Shibboleth, Grouper, COmanage, RabbitMQ, midPoint, and MariaDB. Internet2 is the organizational home where these products are curated.
There ensued a broad discussion about the objectives for some of the software components.
COmanage
- Some Campus Success Program schools have interest in COmanage for enterprise applications. For example:
- Grad students coming into a project for set period
- Temporary workers (event staff, etc) that need to be seasonally provisioned/deprovisioned
- Internet2 is developing its own instance of COmanage for use internally and with community working groups and other uses
- These may all be good examples to highlight in marketing the software
Grouper
- Technical leadership is with Internet2. Chris Hyzer (University of Pennsylvania) is the the principal architect/developer.
- Install base is likely more than 100 institutions
- Kevin: Once you start to use COManage it’s easy to see the value in Grouper, which supports COManage. LIGO is one example of this stepped deployment. My observation is that people tend to glom onto it as the solution to a broad range of problems.
- Bill Thompson (Lafayette College) led a Grouper meeting at Global Summit and does a good job of translating between policy and technical needs. That approach seems to work well
- Melissa Woo commented that she overheard comments that a managed version of the service would be great. She also mentioned that SUNY would rather pay for a managed service than hire additional staff. Steve Zoppi responded that such a service could be built, provided there are enough buyers to make it worth doing.
Shibboleth
- Shibboleth has a number of differences from the other components. Oversight is by an international consortium, and there is a membership structure with fees. There have been funding and budget issues. A recent membership fee increase and an influx of new members (motivated by a change in the support model) have stabilized the finances, but there is still little funding to add features.
- TIER developers have been working on a GUI for Shibboleth, which should help smaller schools.
- 87% of the IdPs in eduGAIN use Shibboleth
Other Program Objectives
- Leverage other open source initiatives to minimize the financial impact/burden of creating new components
- RabbitMQ, midPoint, MariaDB all fall into this category.
TIER Program overview, impact
- Packaging of services has changed. New DevOps mentality is really exciting, both at Internet2 and at campuses that want to use services.
- Klara: Important to note that there was a serious question as to whether Internet2 could deliver software reliably and predictably. That we’ve done this is really noteworthy
There was a general discussion about sustainability, both for the software components and InCommon. There is now more overlap between campus infrastructure and Federation infrastructure. Steering will need to look at questions and funding and sustainability holistically. How does InCommon make the case for a fee increase in light of necessary development to the Federation infrastructure and services?
One method is to do more intentional planning and roadmapping. For the campuses, it would be helpful to have funding and fee increases mapped out for five years, and communicate that to the campuses. Some key considerations are funding for InCommon and how it interrelates with the software components, collaborations with regionals, and internal priority-setting.
There may be a need for greater communications and marketing outside of Internet2. There is a perception that the Internet2 brand is seen as exclusive/prohibitive. That is limiting for trust/identity, given the broader membership in InCommon. Klara mentioned that, because of this, InCommon should remain its own brand and not a merging of the two. What is relevant to Steering is to grow the InCommon brand and increase participation.
Are there other places and organizations we should look to for collaboration? The Quilt? EDUCAUSE? Individual regional meetings? How can we effectively communicate with non-IT areas? A bridge between identity and security may also help drive federation adoption.
Next steps - More development of priorities, a roadmap, and potential funding models.