The primary objective is to provide and operate a community self-service collaboration system whereby members can request access and limited management rights to Internet2 resources in order to facilitate a collaboration with others.
A basic requirement to support these types of collaborations is an Internet2 identity and access management system (IAM). This is so that community members have access to collaboration tools much in the same way they do in research and higher education environments.
Using their federated identity, along with the attributes associated with that identity, will streamline the processes and workflows for collaborations that depend on multiple sources of data, as well as how people access and manage that data.
The TIER component COmanage has been a moniker of this effort because it is the front door for collaboration management and identity affiliations within collaborations.
The image depicts a working group use case where a community member requests a collaboration through a portal (similar to how folks sign up for an event now). The request is directed to a Sponsor within Internet2, and if approved, the community member is provided with access to manage resources. They can also invite others to collaborate and manage their access privileges. The resources and access to them are coordinated through groups in the IAM system. A single group (or group of groups) and the members in that group (or groups) are provided access to the associated resources based on the attributes of the groups.
Internal Internet2 staff will also be able to access and manage resources for collaborations they are involved in. For instance, someone flywheeling for a working group would likely be in the same group as the working group chair so they can also manage other members' access rights on behalf of the working group lead/chair.
Roles at Internet2
A Team Effort with CE / Marcom will be needed to identify long-term naming/branding and messaging to the Community.
TSG will host and manage the Operations.
Trust & Identity provides development support as well as collaboration with the Community on the Identity Management.
Project Plan Details
Current Community Visibility
- First pilot demonstration at Global Summit 2017.
- Second MVP demonstration at TechEx 2017.
This platform is based on the current release of the TIER components COmanage and Shibboleth and will include Grouper and eventually MidPoint.
Additional Goals & Feature Development
Provide a mechanism for community members in general to access new evolving collaboration areas, such as:
The TIER Workbench, which will include demonstrations and interoperability platforms
TIER Workbench Goals
• Integrate applications for Community Access to Development Resources
◦ AWS (including Docker and Jenkins development tools)
◦ Internet2 Enterprise GitHub
• Provide a "Shadow Federation" which can only be used for testing purposes
Extend Applications to other frequently used resources:
Give Internet2 a platform to internally manage and share identities across a diverse set of information and service platforms like:
- Salesforce (to be able to sync/normalize some identity information)
- ServiceNow (potentially for NS)