- Created by Erin Murtha on Oct 12, 2017
Logistics:
- Date: Tuesday, October 10th
- Time: 3:00 - 4:30 EST
- Call Coordinates:
- 1.408.740.7256
Participants:
- Colorado School of Mines
- Mike Erickson, Lead
- Matthew Brookover
- Clayton Durkee
- Ed Zucker
- Phil Promig
- Yuri Csapo
- Dave Leigh
- Colorado State University
- Scott Baily, Lead (out)
- Randy Miotke
- Pat Burns (out)
- Dave Hoffman
- Katie Banghart
- Jeff Ruch
- Georgia Tech
- Dusty Edenfield, Lead
- John Bryson (out)
- Bert Bee-Lindgren
- Lafayette College
- Bill Thompson, Lead
- Carl Waldbieser
- Janemarie Duh
- John O'Keefe (out)
- Oregon State University
- Erica Lomax, Lead
- Andy Morgan
- Rice University
- Dean Lane, Lead
- Brian Woods
- Paul Engle
- Liz Brigman (out)
- University of California, Merced
- Nick Dugan, Lead
- Michael Bergstrom
- John Kamminga
- Matthew Cato (out)
- Matthew Faulkner
- University of Illinois, Urbana-Champaign
- Keith Wessel, Lead
- Erik Coleman
- Tracy Tolliver
- Ester Cha
- University of Maryland Baltimore County
- Todd Haddaway, Lead
- Chris Sutherin
- Paul Riddle
- Jason Griego
- University of Michigan
- Liam Hoekenga, Lead
- Jack Stewart
- DePriest Dockins
- Amie Lahaan
- Internet2
- Kevin Morooney (Program Sponsor)
- Ann West (TIER Community Lead)
- Steve Zoppi (TIER Development Lead)
- Erin Murtha (Project Manager)
- Glenn Lipscomb (Marketing Lead)
- Gail Krovitz (Community Engagement)
- Paul Caskey (TIER SME/Training Lead)
- Mike Zawacki (technical support)
Agenda:
Welcome and Program Overview: Kevin, Ann, & Steve
- The Plan for the Year: TechEx to TechEx
Agenda Bash
N/A
Introductions:
- Internet2
- TIER Peers - team intro by lead
- Key Area of Interest & Brief Statement of Work
- Notes are at the bottom of this agenda...
Questions for the TIER Peers:
- Are we ready to publish our list of participants to the broader community?
- Does this day of the week and time generally work for our bi-weekly sessions?
- A Proposal for How We'll Work:
Active and on-going collaboration
- Progressing project plans
- Working with your peers in the issues groups
- Engaging the community
- Aligned Project plans
- Public sections for publishing on the wiki
- Internal project sections for informing us what you need and sharing with each other
- Action Item: If you haven't already done so, please send your project plan along with your training/support needs to Erin Murtha (emurtha@internet2.edu) ASAP
- Attend two face-to-face meetings with training baked in
- First Meeting: Planning meeting for 1-3 folks per campus
- Goals:
- Get to know your fellow schools
- Share your dreams and realities
- Get guidance on your project plan.
- Identify key shared issues to work on.
- Attendance from management, technical, and operations recommended
- Each campus presents their project
- Challenges, shared interests, next steps
- Identify additional shared areas of work
- Action Item:
- Assemble Program Committee: Let us know if you'd like to assist or want to host.
- TIER will pick up meeting expenses. Proposed duration 1.5 days
- Second meeting: Driven by you.
- Engaging in Bi-weekly Sessions
- Updates on progress and challenges
- Campus Leads to provide updates in advance of the meetings in a rolling google doc
- These updates are internal to the TIER Peers
- Format:
- First 30 minutes: Brief updates in the form of Work Done, Work Planned, Roadblocks (each campus will have 3 minutes to report out what's most important to share)
- Next 60 minutes: Leads kick off project-focused topics
- Program participants drive the agenda, Internet2 provides SME support as needed
- Working across the group, not just a report out.
- Community Rock Stars
- Want to make Rock Stars out of you!
- Enable the community to follow along in your progress.
- Each campus will be blogging on findings and progress
- Working with our marketing folks to develop ways to get the word out to the community about your projects and help them connect in.
- Set up blogs on the Internet2 blog site (feel free to use your own as well!) to give updates on what everyone is doing
- Opportunity to share within the TIER Peers or open to the community
Toolbox:
- Blue Jeans: web conferencing
- Box: file repository
- Confluence: program home, blogging, links to all campuses' artifacts
- GitHub: code repository
- JIRA: planning and task management
- Slack: real-time collaboration and communications
- G-docs: collaboration, but only for short-term storage
- Key Areas of Interest and Roles:
- Proposed Key Topics to be Documented for Community
- Moving to DevOps environment (e.g. moving from vanilla component to TIER-Dockerized component; moving Shib to the cloud)
- Vendor Concerns: Contracting with a vendor to implement TIER: What do you need to know? Moving from a vendor IAM solution to TIER
- Supporting midPoint as your entity registry
- Grouper deployments and provisioning connectors
- Campus Roles:
- Area Lead
- Editor
- Subject Matter Expert
- Participant
- Action Item: Let us know your preferences!
Tools & Resources:
- Program Home: Wiki Space
- Campus artifacts
- Proposals
- Project Plans
- Report Outs/Blogs
- Other documentation
- Contact information for campuses
- Copies of any communications from Internet2 (webinars, training, etc)
- Monthly Report prepared by Internet2
- Audience: public
- Action Item: Set up a wiki account and work with Mike Zawacki (mzawacki@internet2.edu) to make sure you have the right access.
- Shared Calendar
- Feedback
- We will be asking all program participants for monthly feedback
Notes:
- Heartfelt thanks for everyone's efforts to bring this forward. We're here to help in any way that we can.
- TechEx to TechEx - thank you all for leading this effort.
- Keith Hazleton is lurking here - a great asset for midPoint.
- Introductions:
- Colorado School of Mines
- Currently utilizing AEGIS. Considered TIER before and now is the right time to adopt.
- Move away from this vendor based solution, use midPoint.
- New to containerized space; want to collaborate with others more experienced there.
- Interested in learning more about Grouper and possibly COmanage down the road (either as a follow up or second project)
- Interested in work with others using Banner to look at working implementations that tie things into Banner.
- Colorado State
- Project to start incorporating external identities into our framework and allow university to advance using social IDs (gmail, etc), parent access (FAMWEB), and former student access (RAMWEB)
- Using COmanage. Have a pilot up and running with advancement folks.
- Also using Grouper and SAML gateway
- Interested in looking at midPoint as Entity Reg for a future project.
- Using a homegrown identity system that they have been using for 17 years; need to advance beyond it.
- See advantages as easy maintenance, consistent builds across the institution
- Georgia Tech
- Focusing on Grouper.
- Have started a little bit, and have it working with Docker. Looking forward to learning more about the application and how to make it more robust (containerizing)
- Interested in learning quite a bit more about Docker and Grouper.
- Lafayette
- Interested in all the components. Already deployed many.
- They are excited about this effort and feel like it is an inflection point in the overall program
- Shib and Grouper are done but want to deploy the TIER versions
- They are using COmanage for managing identities for outside collaborators/contractors
- Supporting components are also deployed for TIER based architecture
- Looking at midPoint to possibly replace an internal system
- Interested in Docker containerization
- TIER Shib as IDP is their first step. They hosted a training session earlier this year, and were encouraged by what they saw.
- Next, launch midPoint
- Depending on timing and progress of others, interested in deploying Grouper and Docker
- Need to address self-service account and account management
- Oregon State
- They just had a re-org so while very enthusiastic will be working to re-staff the project from their existing identity teams
- Looking to implement midPoint as their entity registry
- support internal/external accounts
- Interested in watching success of dockerizing Shib, etc.
- Currently run Grouper and Shibboleth (sounds like they are interested in others' experiences to perhaps move to the TIER versions)
- Attempting to stand up more of Shib in AWS - move it to the cloud
- Rice
- Current identity management system was built 12-15 years ago with several expansions.
- It's now fragile enough that changes can't easily be made.
- Ready to move into midPoint, can end up with a more modular and scalable solution
- First steps will be to move stand-alone Grouper and Shib into the TIER packaged versions.
- Hopefully then standing up midPoint in dev. - may get moved to production but likely not in the short term
- Currently using Banner, but no direct integration (it comes through a homegrown system that Banner set up).
- Mines will be looking at something that ties into Banner.
- UC Merced
- Have spent most of the past 5 years coming up with an exit strategy to move off of current registry platform
- Had an assessment done by I2 in 2015 that helped devise a roadmap
- Looking to replace current technology stack.
- Migrating off of WaveSet (converting 10k lines of code to Java) using a homegrown system called IDP loader (registry).
- Looking to accelerate transition to midPoint.
- midPoint is key area of focus
- Also interested in Grouper. Small installation of MS integrator to feed Active Directory and LDAP. Need proper group and role management. Migrated Shib installation to cloud.
- May migrate to containerized version. Top to bottom TIER stack
- Relatively new to containers and Docker. Looking to engage in this area and gather expertise and feedback from others with more experience.
- Bill Thompson echoing the comment that this will be a great opportunity for these campuses to share information and work together to greater the whole IAM amongst everyone.
- U of Illinois
- They are looking to perhaps pull in some of the Big 10 Alliance members working on Provisioning/De-provisioning to become early adopters
- Currently running Shib and have for ~15 years
- Not yet running Grouper. Want to implement Grouper and move quickly to production - using Elastic Beanstalk
- Working with Consent and using RDS
- Interested in learning more about Grouper and sharing Docker knowledge
- Make a nice pair with GA Tech! Have found some unknowns around Grouper so looking forward to working with those who know Grouper and moving more quickly. Like the Grouper Deployment Guide
- midPoint is being run for password synchronization.
- Interested in expanding midPoint - in the future may want to consider replacing their central person registry with this tool.
- UMBC
- Threefold:
- Roll out Grouper in production fashion - dockerized version
- Auto provision groups across campus out to Google using Grouper as the conduit
- midPoint - have an aging internal homegrown system (15+ years). Patched and repatched.
- Want to replace bulk temporary accounts in this project
- Containerized midPoint version; proof of concept first but eventually replace their Registry
- Shib
- Mature Shib environment, but would like Docker container for IDP
- Have a legacy SSO system that handles all authentication. Need to understand how TIER Shib version will play with this system.
- Agree that Bill Thompson's Grouper Deployment Guide was extremely helpful
- U of Michigan
- Interested in enterprise identity access management to better coordinate campus IAM with their health system (reduce redundancy)
- Primary interest for this program is to deploy Grouper
- Have a test instance that is managing a couple of groups that are not currently being used for anything.
- This is a good time for UM to invest in Grouper
- Current identity management system has been in place for ~10 years
- Eventually interested in looking at containerization of Shib
- Will start with TIER distribution of Grouper in a container and moving more in a DevOps direction.
- Don't yet have a PM or Communications lead for this effort but working on it
- How We'll Work - ideas:
- Competing priorities - may want a monthly report out.
- Do a feedback time slot at end of meetings to see how it's working
- Will there be a one-to-one goal setting outside of the group meetings?
- TIER Peer Idea:
- Get feedback from each other and SMEs
- We'd like to get together for 1.5 days and include management, architecture, and operations present
- First day: presentations and look at what alignments there are
- Put together next steps for the program to be manifested into bi-weekly calls, what we produce for the community, and how this can drive a second face-to-face meeting
- Would be great if a couple campuses could help with planning
- Would like to get something going before year-end
- Need a site to host us (~50 people)
- Lafayette and Mines have volunteered. Others?
- We'll put out a poll for locations to see what works for everyone.
- Will need a calendar to find best time.
- Let's try to make it a one nighter to make it more practical. Agree it would be great to get into a room and talk things over.
- Consider a noon to noon style meeting
- Volunteers to help plan (we can get together at TechEx to sketch an agenda)
- Janemarie
- Bert
- Matt @ Mines
- Keith W.
- We can review all plans ahead of time to save time with presentations, etc.
- Idea:
- Put together some WGs before the face to face and share out ideas at the F2F meeting
- A table of attributes from the school.
- Who is interested in what TIER projects
- Current tools being used.
- Common bullet points and goals
- AI: Erin will create something in the wiki
- ERP systems, across the top and campuses can add their own columns. Enable the team to contribute and easily edit.
- Collaboration:
- Slack - are folks open to this? YES!
- Set up a channel for Grouper, midPoint, etc.
- Folks can join channels that they are interested in.
- Can also join some of the existing TIER WGs of interest
- Set up everyone with wiki access, etc.
- Interest Google Sheet:
- Need roles for each group
- Feedback for today:
- Good session +5
- Densely packed
- Helpful to see points of synergy
- TechEx
- Can be a lurker at TechEx meeting F2F, which includes information on direction of the program and work in-flight. AI: Let us know if you'd like to be on that list. Let Steve Zoppi know if you'd like to be included.
- Monday: after the reception, perhaps in the bar or near there, we can get together.
- We'll keep this time on-going
Recording of the meeting: https://bluejeans.com/s/vEwgA/