TIER Thematic Requirements / Prioritized
Tuesday, April 12, 2016 2:41:42 PM

Scale: (Least Important) 1 ... 5 (Most Important)
Theme / Category / (ID) Requirement / Avg Rating

Solution / Standards and Enforcement

(31) The program must assert and enforce: Published / Stable APIs for ALL core components.
     Avg Rating: 5.00
     [Unchanged Requirement]
     Dep: -    Rel: -

Solution / Federation and Inter-Federation

(9) Inter-Federation and Federation needs must be held high in considerations when building core solutions and artifacts related to TIER.
     Avg Rating: 4.92
     [Unchanged Requirement]
     Dep: 16    Rel: -

Solution / Person Registry/Provisioning

(20) Identity Matching Logic must be a part of the Person Registry Service (Directory)
     Avg Rating: 4.92
     [Unchanged Requirement]
     Dep: 31    Rel: -

Campus Success / Basic Communications

(54) One Pager for general stakeholders (elevator speech)
     Avg Rating: 4.83
     [Unchanged Requirement]
     Dep: -    Rel: -

Solution / De/Provisioning

(8) The solutions must enable individuals to have multiple roles/affiliations/relationships/whatever with the institution, each with its own lifecycle and overlapping set of access privileges needed to undertake each role. Statefulness (persistence and preservation of state) must permeate the design goals of all solution components in order to correctly and efficiently manage their access over the course of these multiple lifecycles.
     Avg Rating: 4.83
     [Unchanged Requirement]
     Dep: 31    Rel: -

Solution / Standards and Enforcement

(32) Implementation, Integration with and Adoption of Community or Commercial Services which have adopted TIER program standards should be “trivial” to implement from a school’s perspective as long as the school has implemented TIER and used the TIER default settings.
     Avg Rating: 4.83
     This is Aspirational ... Implementation, Integration with and Adoption of Community or Commercial Services which have adopted TIER program standards should be “trivial” to implement from a school’s perspective as long as the school has implemented TIER and used the TIER default settings.
     Dep: -    Rel: -

Program Success / Governance

(58) Provide mechanisms for gathering ideas and suggestions from the investors
     Avg Rating: 4.75
     [Unchanged Requirement]
     Dep: -    Rel: -

Solution / De/Provisioning

(4) Events (such as admission, enrollment, new hire, etc.) must trigger lifecycle stage transitions, role changes, affiliation changes, etc. Those can then cause other events such as service eligibility. Lifecycle changes or affiliations all precipitate a need for provisioning wherein roles are mapped to services / entitlements.
     Avg Rating: 4.75
     [Unchanged Requirement]
     Dep: 31    Rel: -

Solution / Person Registry/Provisioning

(19) De-Duplication must be a part of the Person Registry Service (Directory)
     Avg Rating: 4.75
     [Unchanged Requirement]
     Dep: 31, 20    Rel: 20

Solution / User Interface/User Experience (UI/UX)

(38) Password Reset capabilities must be standardized upon and deployed in the out of the box solutions, with sufficient flexibility to meet institutional business practices. (Probably need to talk through the non-password self-service interface - See line 43)
     Avg Rating: 4.75
     [Unchanged Requirement]
     Dep: 31    Rel: -

Solution / De/Provisioning

(6) The solution must anticipate the possibility of conflicting roles in the case of multiple personae when exposing Role information to Service Providers so they may adjudicate access, authorization, etc.
     Avg Rating: 4.67
     The solution must anticipate the possibility of conflicting roles in the case of multiple affiliations when exposing Role information to Service Providers so they may adjudicate access, authorization, etc.
     Dep: -    Rel: -

Solution / Interoperability

(13) An extensible Publish/Subscribe mechanism must be supported to enable near-real-time communication between dependent systems of record.
     Avg Rating: 4.67
     [Unchanged Requirement]
     Dep: 31    Rel: -

Solution / Levels of Assurance (LoA)/MFA (Quality of Identity and Identification)

(18) Flexible Multi-Factor Authentication in Single-Signon should be enabled by default, with the ability to require Multi-Factor Authentication per-Service Provider and/or per-Individual
     Avg Rating: 4.67
     [Unchanged Requirement]
     Dep: -    Rel: 9

Solution / Standards and Enforcement

(28) The program must assert and enforce: Policy Standards
     Avg Rating: 4.67
     [Unchanged Requirement]
     Dep: -    Rel: -

(30) The program must assert and enforce: Persistence (storage of data) standards
     Avg Rating: 4.67
     [Unchanged Requirement]
     Dep: -    Rel: -

Solution / User Interface/User Experience (UI/UX)

(36) An end user Identity Console must be instantiated with the ability to update personally-owned attributes (e.g., names, numbers, some addresses, preferences, etc.) and be confident that the data will be reliably propagated to relying party systems (e.g., ERPs, directories, etc.).
     Avg Rating: 4.67
     [Unchanged Requirement]
     Dep: 13, 31    Rel: 40

(39) A Person may have multiple personas that an organization may require them to “act in the role of”. An easy way of switching personas should be constructed as a part of the final solution.
     Avg Rating: 4.67
     [Unchanged Requirement]
     Dep: 31, 7    Rel: 6

Solution / Person Registry/Provisioning

(21) Institutionally Defined Metadata must be enabled in the Cloud-Based solution as well as the on-Premise solution.
     Avg Rating: 4.58
     [Unchanged Requirement]
     Dep: 31, 49    Rel: -

Solution / Person Registry/Provisioning/IdP Attribute Release

(25) The person registry service must provide the ability to present a selected set or subset of attributes to a selected set of systems.
     Avg Rating: 4.58
     The solution must provide a fine-grained ability to present a selected set or subset of attributes to a selected set of systems.
     Dep: -    Rel: 39, 9, 26, 40, 8

Solution / Person Registry/Provisioning/IdP Attribute Release

(73) [New or Empty Requirement]
     Avg Rating: 4.58
     The solution must provide a method to administratively add and remove attributes and personal identifiers from all relevant components.
     Dep: -    Rel: 39, 26

Solution / User Interface/User Experience (UI/UX)

(40) “Constituent focused,” self-service Interfaces must be included in the final solutions that dynamically and simply express what each constituent is authorized to manage about their own or others’ attributes and access privileges. Key such constituencies: administrators supporting on-boarding processes, unit and group managers/leads managing access to their groups’ resources, service owners managing characteristics of federation access to their services, and individuals managing their credentials and privacy of their attributes.
     Avg Rating: 4.42
     [Unchanged Requirement]
     Dep: 40    Rel: 46

Campus Success / Basic Communications

(55) One-pager targeted for identified stakeholders
     Avg Rating: 4.33
     [Unchanged Requirement]
     Dep: -    Rel: -

Solution / Standards and Enforcement

(29) The program must assert and enforce: Terminology Standards
     Avg Rating: 4.33
     The program must assert and enforce: Terminology Standards (example: RFC Level of Definition or Distinction for TIER)
     Dep: -    Rel: -

(27) The program must assert and enforce: Datagram Standards
     Avg Rating: 4.33
     [Unchanged Requirement]
     Dep: 31    Rel: -

Solution / De/Provisioning

(5) The solution must support high level workflows between "states" (states-of-being). Note: This is a higher-level of activity such as "Adding" "Updating" "Removing" a "Person" or other entity causes a cascade of activities at the same level in other services like Box, Canvas, etc.
     Avg Rating: 4.25
     [Unchanged Requirement]
     Dep: 13    Rel: 36, 19, 6, 4

Solution / Person Registry/Provisioning

(22) Individuals must be able to support the association of various personae with their own identity. (Account Linking must also be a part of this functionality.)
     Avg Rating: 4.25
     Individuals must be able to support the association of various organization-external "identities" with their own identity. (Context: Self-Service)
     Dep: 9, 16    Rel: 39

Campus Success / Context - Program Stakeholders

(49) TIER must engage corporate service providers to ensure success of the Program.
     Avg Rating: 4.17
     [Unchanged Requirement]
     Dep: -    Rel: 21, 50

Solution / Interoperability

(16) The solution must enable smooth runtime integration / mapping between SAML and OpenID/OAuth Protected services.
     Avg Rating: 4.17
     [Unchanged Requirement]
     Dep: -    Rel: 9

Program Success / Context - Program Stakeholders

(50) TIER must engage XSEDE, NSF, DoEd, and Federal Agencies to ensure success of the Program.
     Avg Rating: 4.08
     [Unchanged Requirement]
     Dep: -    Rel: 49

Program Success / Governance

(60) Publish governance model and method for participating in decision process
     Avg Rating: 4.08
     [Unchanged Requirement]
     Dep: -    Rel: -

Solution / Interoperability

(14) CommonAPP like Integration process should be devised for identity creation, etc. IdP (CommIT) integration not specifically mentioned but is also a clear need.
     Avg Rating: 4.08
     This is not really a requirement - it's more of a specific call to keep CommonAPP in consideration when building connectors to TIER components.
     Dep: 31    Rel: -

Solution / User Interface/User Experience (UI/UX)

(37) User Interfaces must be created to ease the installation, implementation, administration and use of the most common tasks for all components. (e.g. the Lack of a User Interface should be a “fail” criterion for any critical feature or function.)
     Avg Rating: 4.08
     [Unchanged Requirement]
     Dep: -    Rel: -

Campus Success / Adoption Assistance

(62) Develop "IAM Assessment Model" - Develop lightweight Assessment tool for each release, targeting the features supported for that functional set.
     Avg Rating: 4.00
     [Unchanged Requirement]
     Dep: 62    Rel: 61, 63, 64, 65, 66, 67

Solution / Person Registry/Provisioning

(26) The solution may enable users to be in control of their personal data stores such that when relying parties are requesting access to those data, users should have fine-grained controls over what pieces of personal data are shared with such parties.
     Avg Rating: 3.92
     [Unchanged Requirement]
     Dep: 25, 9    Rel: 39, 9, 40, 25

Solution / Auditing Monitoring and Management

(1) Logging and all other forms of application Instrumentation for Policy and Performance monitoring and management must be rigorously implemented within all components of the solution.
     Avg Rating: 3.83
     [Unchanged Requirement]
     Dep: 31    Rel: -

Solution / Interoperability

(15) ECP and CLI protocols for authentication must be enabled as for Research/Collaborative computing
     Avg Rating: 3.83
     Beyond WEB Only Authentication (e.g. ECP and CLI protocols) for authentication must be enabled as for Research/Collaborative computing
     Dep: 9    Rel: 28?

Solution / Person Registry/Provisioning

(24) The person registry service must have a minimum threshold of assurance when linking an account.
     Avg Rating: 3.83
     The person registry service must have an attribute for the level of assurance associated with each linked account.
     Dep: -    Rel: 22

Campus Success / Context - Campus Stakeholders

(41) Develop materials for CIOs to use when engaging Campus leadership
     Avg Rating: 3.58
     [Unchanged Requirement]
     Dep: -    Rel: 42

Solution / Interoperability

(12) A mechanism to augment the catalog of Core Connectors must be provided to the community for inter-institutional sharing and implementation.
     Avg Rating: 3.58
     [Unchanged Requirement]
     Dep: 31, 13    Rel: 31, 13

Campus Success / Adoption Assistance

(64) IAM Assessment Delivery Method - Online form with automatic tally
     Avg Rating: 3.50
     [Unchanged Requirement]
     Dep: -    Rel: 61, 62, 63, 65, 66, 67

Solution / Levels of Assurance (LoA)/MFA (Quality of Identity and Identification)

(17) The ability to promote and demote the Levels of Assurance of an identity over time should be implemented in the component suite. For example, having higher Levels of Assurance while student, then lower (social?) when alumni, and later yet higher again as grad student or employee are the representative scenarios.
     Avg Rating: 3.42
     [Unchanged Requirement]
     Dep: 5, 7    Rel: 5, 18

Solution / Research Organization Support

(34) Authorization infrastructure must be constructed (or made available) that can be consumed by applications across both internal and external identities and services.
     Avg Rating: 3.42
     [Unchanged Requirement]
     Dep: 22, 16    Rel: -

Campus Success / Basic Communications

(56) Glossary
     Avg Rating: 3.33
     Glossary: Common Terminology Reference
     Dep: 29    Rel: -

Campus Success / Context - Campus Stakeholders

(42) Develop materials for CIOs to use when engaging Registrars
     Avg Rating: 3.33
     [Unchanged Requirement]
     Dep: -    Rel: 41

Solution / Service Providers and Third-Parties

(35) The program and related solutions must enable the service owners of federation-facing campus services to directly manage the controls and access by external identities such that service owners won't need campus federation gurus to manage their services.
     Avg Rating: 3.33
     [Unchanged Requirement]
     Dep: 31, 9    Rel: 40, 36

Solution / Research Organization Support

(33) COManage-like functionality must be included in the solution as a proper starting administration point for Research Organizations (Virtual Organizations). The ability to construct a Research Organization User interface through open APIs to create purpose-specific implementations is a goal.
     Avg Rating: 3.25
     [Unchanged Requirement]
     Dep: 31, 9    Rel: -

Campus Success / Adoption Assistance

(72) Provide peer/cohort support models
     Avg Rating: 3.08
     [Unchanged Requirement]
     Dep: -    Rel: -

Solution / Interoperability

(10) The Solution should provide “other technology” interfaces to facilitate operation with non-NET+ solutions (campus ERP, non-NET+ vendors, etc.). (e.g., OAuth, SCIM, etc.).
     Avg Rating: 3.08
     [Unchanged Requirement]
     Dep: 31, 28    Rel: -

Solution / Interoperability

(11) Pre-built connectors for the most common of systems of record must be in the “core” TIER release.
     Avg Rating: 3.00
     [Unchanged Requirement]
     Dep: 31, 13    Rel: -

Campus Success / Adoption Assistance

(70) Deployment practice recommendations
     Avg Rating: 2.83
     [Unchanged Requirement]
     Dep: -    Rel: -

Solution / Person Registry/Provisioning

(23) Once instantiated, the persistence of an identity must extend beyond a lifetime (indefinitely).
     Avg Rating: 2.75
     Once instantiated, the persistence of identifiers of which (at least) one must extend beyond a lifetime (indefinitely), i.e. must never be reused and must never be deleted once created.
     Dep: -    Rel: 19, 20

Campus Success / Adoption Assistance

(65) IAM Assessment Delivery Method - Consultant service for on-site assessment
     Avg Rating: 2.67
     [Unchanged Requirement]
     Dep: -    Rel: 61, 62, 63, 64, 66, 67

Campus Success / Adoption Assistance

(71) Provide corporate consulting support models
     Avg Rating: 2.58
     [Unchanged Requirement]
     Dep: -    Rel: -

Campus Success / Context - Campus Stakeholders

(46) Develop materials for CIOs to use when engaging VP of Research
     Avg Rating: 2.58
     [Unchanged Requirement]
     Dep: -    Rel: 44

Solution / Community Documentation and Interaction

(2) Solution must enable the sharing of a common documentation repository as well as a place for school practitioners and service providers to go to find useful instructions, standards, practices and guidelines for building end-to-end services based on TIER components and default configurations.
     Avg Rating: 2.58
     [Unchanged Requirement]
     Dep: 29, 56    Rel: -

Campus Success / Context - Campus Stakeholders

(44) Develop materials for CIOs to use when engaging other business leadership
     Avg Rating: 2.50
     [Unchanged Requirement]
     Dep: -    Rel: 44

Program Success / Governance

(57) Provide mechanisms for gathering ideas and suggestions from the broader community
     Avg Rating: 2.50
     [Unchanged Requirement]
     Dep: -    Rel: -

Campus Success / Adoption Assistance

(67) Develop guidance for addressing gaps identified in "IAM Assessment Model" - Develop specific guidance for each release
     Avg Rating: 2.42
     [Unchanged Requirement]
     Dep: -    Rel: 61, 62, 63, 64, 65, 66

(61) Develop IAM Assessment Model - Develop a complete IAM assessment tool, one comprehensive model that covers broad IAM topics.
     Avg Rating: 2.42
     [Unchanged Requirement]
     Dep: -    Rel: 62, 63, 64, 65, 66, 67

Campus Success / Context - Campus Stakeholders

(43) Develop materials for CIOs to use when engaging researchers
     Avg Rating: 2.42
     [Unchanged Requirement]
     Dep: -    Rel: 44

Program Success / Context - Program Stakeholders

(47) TIER must engage schools with fewer available resources to ensure wide adoption of the Program.
     Avg Rating: 2.42
     [Unchanged Requirement]
     Dep: -    Rel: 51

Campus Success / Adoption Assistance

(69) Readiness Education - Webinars
     Avg Rating: 2.33
     [Unchanged Requirement]
     Dep: -    Rel: -

Campus Success / Context - Campus Stakeholders

(45) Develop materials for CIOs to use when engaging academic medical centers
     Avg Rating: 2.33
     [Unchanged Requirement]
     Dep: -    Rel: 44

Solution / Community Documentation and Interaction

(3) Solution extensions must be available in the form of a Marketplace or some other suitable means of presenting a catalog of available functionality, contributed by the community, for utilization by others.
     Avg Rating: 2.33
     [Unchanged Requirement]
     Dep: 31    Rel: 11

Program Success / Context - Program Stakeholders

(53) TIER must engage national organizations of identified stakeholders (AACRAO, NACUBO, etc.) to ensure success of the Program.
     Avg Rating: 2.25
     [Unchanged Requirement]
     Dep: -    Rel: -

Program Success / Governance

(59) Publish open source policy statement and license to enable appropriate vendor marketplace and campus understanding of our approach. Published for all Investors in MOU, with abstract for public view
     Avg Rating: 2.25
     [Unchanged Requirement]
     Dep: -    Rel: -

Solution / De/Provisioning

(7) The solutions may take into consideration the most COMMON decision making rules and the most RESTRICTIVE decision making should be at the institutional control. Default is DENY then rules-based addition of eligibility to access a service or an object. (We need to work on the individual aspects of this)
     Avg Rating: 2.17
     The solutions must take into consideration that conflicting grants of authority, e.g., one source indicating a grant of access and another a denial of access, must be resolvable according to the needs of each application or service context.
     Dep: 5    Rel: -

Campus Success / Adoption Assistance

(66) Develop guidance for addressing gaps identified in "IAM Assessment Model" - Develop overall guidance for broad IAM
     Avg Rating: 2.08
     [Unchanged Requirement]
     Dep: -    Rel: 61, 62, 63, 64, 65, 67

Campus Success / Adoption Assistance

(63) IAM Assessment Delivery Method - PDF document
     Avg Rating: 2.00
     [Unchanged Requirement]
     Dep: -    Rel: 61, 62, 64, 65, 66, 67

Campus Success / Context - Program Stakeholders

(48) TIER must engage corporate adoption/support vendors to ensure success of the Program.
     Avg Rating: 2.00
     [Unchanged Requirement]
     Dep: 31    Rel: 10, 11

Campus Success / Adoption Assistance

(68) Readiness Education - Face to Face Workshop
     Avg Rating: 1.83
     [Unchanged Requirement]
     Dep: -    Rel: -

Program Success / Context - Program Stakeholders

(51) TIER must engage broad education including K12 to ensure success of the Program.
     Avg Rating: 1.75
     [Unchanged Requirement]
     Dep: -    Rel: 47

Program Success / Context - Program Stakeholders

(52) TIER must engage state departments of instruction to ensure success of the Program.
     Avg Rating: 1.17
     [Unchanged Requirement]
     Dep: -    Rel: 51

Total: 73