Are we ready to publish our list of participants to the broader community?
Does this day of the week and time generally work for our bi-weekly sessions?
A Proposal for How We'll Work:
Active and on-going collaboration
Progressing project plans
Working with your peers in the issues groups
Engaging the community
Aligned Project plans
Public sections for publishing on the wiki
Internal project sections for informing us what you need and sharing with each other
Action Item: If you haven't already done so, please send your project plan along with your training/support needs to Erin Murtha (emurtha@internet2.edu) ASAP
Attend two face-to-face meetings with training baked in
First Meeting: Planning meeting for 1-3 folks per campus
Goals:
Get to know your fellow schools
Share your dreams and realities
Get guidance on your project plan.
Identify key shared issues to work on.
Attendance from management, technical, and operations recommended
Each campus present their project
Challenges, shared interests, next steps
Identify additional shared areas of work
Action Item:
Assemble Program Committee: Let us know if you'd like to assist or want to host.
TIER will pick up meeting expenses. Proposed duration 1.5 days
Second meeting: Driven by you.
Engaging in Bi-weekly Sessions
Updates on progress and challenges
Campus Leads to provide updates in advance of the meetings in a rolling google doc
These updates are internal to the TIER Peers
Format:
First 30 minutes: Brief updates in the form of Work Done, Work Planned, Roadblocks (each campus will have 3 minutes to report out what's most important to share)
Next 60 minutes: Leads kick off project-focused topics
Program participants drive the agenda, Internet2 provide SME support as needed
Working across the group, not just a report out.
Community Rock Stars
Want to make Rock Stars out of you!
Enable the community to follow along in your progress.
Each campus will be blogging on findings and progress
Working with our marketing folks to develop ways to get the word out to the community about your projects and help them connect in.
Set up blogs on the Internet2 blog site (feel free to use your own as well!) to give updates on what everyone is doing
Opportunity to share within the TIER Peers or open to the community
Toolbox:
Blue Jeans: web conferencing
Box: file repository
Confluence: program home, blogging, links to all campus' artifacts
GitHub: code repository
JIRA: planning and task management
Slack: real-time collaboration and communications
G-docs: collaboration, but only for short-term storage
Key Areas of Interest and Roles:
Proposed Key Topics to be Documented for Community
Moving to DevOps environment (e.g. moving from vanilla component to TIER-Dockerized component; moving Shib to the cloud)
Vendor Concerns: Contracting with a vendor to implement TIER: What do you need to know? Moving from a vendor IAM solution to TIER
We will be asking all program participants for monthly feedback
Notes:
Heartfelt thanks for everyone's efforts to bring this forward. We're her to help in any way that we can.
TechEx to TechEx - thank you all for leading this effort.
Keith Hazleton is lurking here - a great asset for midPoint.
Introductions:
Colorado School of Mines
Currently utilizing AEGIS. Considered TIER before and now is the right time to adopt.
Move away from this vendor based solution, use midPoint.
New to containerized space; want to collaborate with others more experienced there.
Interested in learning more about Grouper and possibly COmanage down the road (either as a follow up or second project)
Interested in work with others using Banner to look at working implementations that tie things into Banner.
Colorado State
Project to start incorporating external identities into our framework and allow university to advance using social IDs (gmail, etc), parent access (FAMWEB), and former student access (RAMWEB)
Using COmanage. Have a pilot up and running with advancement folks.
Also using Grouper and SAML gateway
Interested in looking at midPoint as Entity Reg for a future project.
Using a homegrown identity system that they have been using for 17 years; need to advance beyond it.
See advantages as easy maintenance, consistent builds across the institution
Georgia Tech
Focusing on Grouper.
Have started a little bit, and have it working with Docker. Looking forward to learning more about the application and how to make it more robust (containerizing)
Interested in learning quite a bit more about Docker and Grouper.
Lafayette
Interested in all the components. Already deployed many.
They are excited about this effort and feel like it is an inflection point in the overall program
Shib and Grouper are done but want to deploy the TIER versions
They are using COmanage for managing identities for outside collaboraters/contractors
Supporting components are also deployed for TIER based architecture
Looking at midPoint to possibly replace an internal system
Interested in Docker containerization
TIER Shib as IDP is their first step. They hosted a training session earlier this year, and encouraged by what they say.
Next, launch midPoint
Depending on timing and progress of others, interested in deploying Grouper and Docker
Need to address self-service account and account management
Oregon State
They just had a re-org so while very enthusiastic will be working to re-staff the project from their existing identity teams
Looking to implement midPoint as their entity registry
support internal/external accounts
Interested in watching success of dockerizing ship, etc.
Currently run Grouper and Shibboleth (sounds like they are interested in others' experiences to perhaps move to the TIER versions)
Attempting to stand up more of Shib in AWS - move it to the cloud
Rice
Currently identity management system was built 12-15 years ago with several expansions.
It's now fragile enough that changes can't easily be made.
Ready to move into midPoint, can end up with a more modular and scalable solution
First steps will be to move stand-alone Grouper and SHib into the TIER packaged versions.
Hopefully then standing up midPoint in dev. - may get moved to production but likely not in the short term
Currently using Banner, but no direct integration (it comes through a homegrown system that Banner set up).
Mines will be looking at something that ties into Banner.
UC Merced
Have spent most of the past 5 years coming up with an exit strategy to move off of current registry platform
Had an assessment done by I2 in 2015 that helped devise a roadmap
Looking to replace current technology stack.
Migrating off of WaveSet (converting 10k lines of code to Java) using a homegrown system called IDP loader (registry).
Looking to accelerate transition to midPoint.
midPoint is key area of focus
Also intersted in Grouper. small installation of MS integrator to feed active directory and LDAP. Need proper group and role management. Migrated shib installation to cloud.
May migrate to containerized version. Top to bottom TIER stack
Relatively new to containers and Docker. Looking to engage in this area and gather expertise and feedback from others with more experience.
Bill Thompson echoing the comment that this will be a great opportunity for these campuses to share information and work together to greater the whole IAM amongst everyone.
U of Illinois
They are looking to perhaps pull in some of the Big 10 Alliance members working on Provisioning/De-provisioning to become early adopters
Currently running Shib and have for ~15 years
Not yet running Grouper. Want to implement Grouper and move quickly to production - using Elastic Beanstalk
Working with Consent and using RDS
Interested in learning more about Grouper and sharing Docker knowledge
Make a nice pair with GA Tech! Have found some unknowns around Grouper so looking forward to working those who know Grouper and moving more quickly. Like the Grouper Deployment Guide
midPoint is being run for password synchronization.
Interested in expanding midPoint - in the future may want to consider replacing their central person registry with this tool.
UMBC
Threefold:
Role out Grouper in production fashion - dockerized version
Auto provision groups across campus out to Google using Grouper as the conduit
midPoint - have an aging internal homegrown system (15+ years). Patched and repatched.
Want to replace bulk temporary accounts in this project
Containerized midPoint version; proof of concept first but eventually replace their Registry
Shib
Mature shib environment, but would like docker container for IDP
Have a legacy SSO system that handles all authentication. Need to understand how TIER shib version will play with this system.
Agree that Bill Thompson's Grouper Deployment Guide was extremely helpful
U of Michigan
Interested in enterprise identity access management to better coordinate campus IAM with their health system (reduce redundancy)
Primary interest for this program is to deploy Grouper
Have a test instance that are managing a couple groups that are not currently being used for anything.
This is a good time for UM to invest in Grouper
Current identity management system has been in place for ~10 years
Eventually interested in looking at containerization of Shib
Will start with TIER distribution of Grouper in a container and moving more in a DevOps direction.
Don't yet have a PM or Communications lead for this effort but working on it
How We'll Work - ideas:
Competing priorities - may want a monthly report out.
Do a feedback time slot at end of meetings to see how it's working
Will there be a one-to-one goal setting outside of the group meetings?
TIER Peer Idea:
Get feedback from each other and SMEs
We'd like to get together for 1.5 days and include management, architecture, and operations present
First day: presentations and look at what alignments there are
Put together next steps for the program to be manifested into bi-weekly calls, what we produce for the community, and how this can drive a second face-to-face meeting
Would be great if a couple campuses could help with planning
Would like to get something going before year-end
Need a site to host us (~50 people)
Lafayette and Mines have volunteered. Others?
We'll put out a poll for locations to see what works for everyone.
Will need a calendar to find best time.
Let's try to make it a one nighter to make it more practical. Agree it would be great to get into a room and talk things over.
Consider a noon to noon style meeting
Volunteers to help plan (we can get together at TechEx to sketch an agenda)
Janemarie
Bert
Matt @ Mines
Keith W.
We can review all plans ahead of time to save time with presentations, etc.
Idea:
Put together some WGs before the face to face and share out ideas at the F2F meeting
A table of attributes from the school.
Who is interested in what TIER projects
Current tools being used.
Common bullet points and goals
AI: Erin will create something in the wiki
ERP systems, across the top and campuses can add their own columns. Enable the team to contribute and easily edit.
Collaboration:
Slack - are folks open to this? YES!
Set up a channel for Grouper, midPoint, etc.
Folks can join channels that they are interested in.
Can also join some of the existing TIER WGs of interest
Set up everyone with wiki access, etc.
Interest Google Sheet:
Need roles for each group
Feedback for today:
Good session +5
Densely packed
Helpful to see points of synergy
TechEx
Can be a lurker at TechEx meeting F2F, which includes information on direction of the program and work in-flight. AI: Let us know if you'd like to be on that list. Let Steve Zoppi know if you'd like to be included.
Monday: after the reception, perhaps in the bar or near there, we can get together.