Component Architects WG
- Review of Shibboleth UI Work and Next Steps (Unicon)
- Resourcing Discussions by EOY2018 and Beyond
- Must decide about naming of COmanage, when it's not used as the registry
- Global Summit Objectives
- Campus Success Program F2F on Thursday
- Trust & Identity Showcase work
- Review Timeline and Functionality of Internet2’s implementation / Campus Success Program-driven work
- Implications and Clarifications re: Cloud Connect (which will become a new standing item)
- Continued review of the Shibboleth UI Work including the wrap up of MVP2 and finalized requirements for MVP3 work (Unicon)
- Planning of the conceptual requirements for the “workbench”/"test" federation to be followed by a work plan based on the Federation Manager development work
- https://docs.google.com/document/d/17_WxqBrjYD2EuMJQVerdVMZ1RBtRen1CnyloMZP5YkI/edit?usp=sharing)2018 TIER Work Plan by Thematic Grouping” (
- Planned work required to set up all TIER components under sustainable maintenance
- Planning for setting up a UI "BOF" Collaboration for Components
DataStructures/API - Entity Registry WGs
- Review and develop detailed plan for Trust & Identity Showcase sessions at Global Summit
- Review work for Person Registry - Next steps
- Finalize the schema for minimal person between Systems of Record and the Person Registry
- API & Messaging Specifications
- ID Match API calls
- Event triggering
- Plan for a TIER Registry Deployment Guide
- Begin work on Credential Management
- Begin supporting work with the Campus Success Program Banner Onboarding WG
- Develop updated inventory of APIs
- A majority of the time was spent detailing the TIER part 1 and part 2 demonstrations and presentations at the T&I Showcase sessions on Tuesday and Wednesday at the Global Summit 2018.
- Tuesday Summary Overview Plan:
The Shibboleth Metadata Management GUI will be demonstrated by staff from the TIER commercial partner Unicon.
Identity Onboarding Processes will review the TIER architecture and walk through a demonstration using the TIER Components. There will be a discussion and demo of the intake of data from multiple Systems of Record (SOR), the relationship of midPoint and COmanage in the TIER solutions. CoManage will be shown a SOR and as a registry solution. midPoint will be shown as a registry and a provisioning solution. The demo will illustrate publish & subscribe (Pub/Sub) messaging with RabbitMQ as well as establishing credentials using midPoint. Group management as outlined in the Grouper Deployment Guide will be shown. This session will provide setup for the Wednesday session that will focus on provisioning and de-provisioning.
- Wednesday Summary Overview Plan:
Continue the architecture and demo from Tuesday by showing TIER (de)Provisioning processes using Grouper, MidPoint and some common HigherEd applications. In the second portion of this session the Packaging TIER workgroup will present the Packaging solutions for the TIER program.
The API/Data structure and Registry workgroup members will discuss options and show Grouper updating the Midpoint Provisioning Engine, use of RabbitMQ and Grouper in provisioning to target applications such as Canvas. They will show some variations, discuss and demo TIER program deliverables. Discussion is encouraged and expected.
The Packaging TIER workgroup will then follow this up with a review and discussion of the packaged container solutions prepared in TIER for deployment of several components. These include: Shibboleth, Grouper, COmanage, midpoint, and RabbitMQ. Additional discussion of what is coming in the packaging area will be discussed.
- Details for the overall T&I Showcase Plans can be found at https://docs.google.com/document/d/1BLqyNX6qvpgtGoE76a9d2sz64loz0EiTEGANQa0Pj08/edit?usp=sharing
- Continued supporting work with the Campus Success Program Banner Onboarding WG and Grouper Deployment Enhancement WG
- Continued work to create logging standards. The original specification we created would not work well for all use cases. A new, more flexible specification is almost complete.
- Completed the work to specify the midPoint container and started began preparation of documents for discussion with Evolveum.
- Completed independent specification for how TIER-compatible containers are to be designed.
- Continued to solicit testers/deployers for the various components.
- Updated details around all TIER docker containers
- Updated documentation for all TIER docker reference implementations
- Updated logging specs based on input from the TIER Campus Success Program and Packaging WG members
- Advanced details for the midPoint container requirements to collaborate on with Evolveum
- Planned for a TIER packaging container status and workplan overview as the final presentation during the Wednesday T&I Showcase session at the Global Summit 2018
BTAA and TIER Collaboration Provisioning and De-Provisioning
- We've created a Github repo for collecting SCIM schema requirements: https://github.internet2.edu/tier/scim-schema. Keith H kindly provided a JSON version of the SCIM core schema which we've added to the repo. We're currently searching for extensions but haven't found any so far. Any contributions are welcomed and should be sent to KeithWessel.
- We completed a set of use cases for a bulk provisioning API. After reviewing these, the TIER API WG doesn't believe that such an API is necessary. They've posted their responses at the bottom of our wiki page: https://spaces.at.internet2.edu/x/koFyBw. The use cases will help to be a good exercise to test if existing TIER APIs can support them.
- We're working on our provisioning engine evaluations which will help to guide provisioning best practices that we document.
- Ethan and Jeff are trying out our evaluation questions by doing an evaluation of Midpoint.
- The group is working on an evaluation process and template to guide and simplify evaluations. We'll soon be looking for community members to evaluate both open source and commercial provisioning engines. Interested volunteers should contact Keith Wessel.
Concluded work on a far-too-long questionnaire for evaluating provisioning engines.
Discussed with a few fellow Big Ten IDM folks, and came up with a plan for a shorter evaluation questionnaire that still meets our needs. We’re done from 150+ questions to 35: https://spaces.at.internet2.edu/x/0Q2MBw
Results of evaluations will be combined with surveys of the Big Ten member schools from last summer to create three deliverables: a best practices write-up, a list of needed functionality that products don’t support today for consideration on the TIER roadmap, and a high-level product comparison chart for those shopping for provisioning products.
We’ll be starting provisioning engine evaluations in the near future. We need help and welcome community participation. It’s not a big time commitment. If someone can give an hour or two in June, please contact Keith Wessel.