Formerly the TIER-Data Structures and APIs Working Group Home
| Note | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Every other Wednesday Future Calls: Chose the one (Wed. or Fri.) that works best for your schedule and time zone):at 3 pm Eastern, Noon Pacific, 8 pm UT Alternating Fridays at 10 am Eastern, 7 am Pacific, 3 pm London, 4 pm Amsterdam
Current agenda and scribed notesAttendees are encouraged to participate in live-scribing the meetings on the above Google doc Email List:tierinctrust-api@internet2si@incommon.eduorg– To subscribe, browse to https://lists.internet2incommon.eduorg/sympa/subscribe/tierinctrust-apisi |
Working Group ChairChairs: Keith Hazelton, University of Wisconsin, Internet2, Ethan Kromhout, UNC Chapel Hill
Charter for Data Structures and APIs Working Group
...
Overview of the APIs and Data Structures and the Entity Registry Working Groups
TIER VIsion
Help education and research organizations solve the Identity and Access Management (IAM) challenges they encounter
By providing open source implementations of key IAM capabilities and assuring their long-term sustainability
By standardizing
How applications (whether local, federated or SaaS) integrate with IAM infrastructure
How existing institutional IAM infrastructure can interoperate with TIER components to provide a full IAM service suite
TIER Entity Registry and Data Structures and APIs Working Groups
The TIER Entity Registry Working Group and the TIER Data Structures and APIs Working Group share the following key goals
To define integration and interoperability strategies and models
To help charter development projects that address specific gaps in existing open source IAM packages
To develop a comprehensive functional model of IAM
To define and adopt specifications for the resource schema and interfaces needed to deliver identity and access management (IAM) services
- Between the various TIER IAM components
- Between TIER components and the rest of the institutional IT landscape, both on premise and in the cloud
- Provide guidance on building IAM infrastructure and processes that accord with the TIER model
Standards, Tools and Guidelines set out in TIER Release1
- Expose IAM capabilities at RESTful endpoints
- ...Where it makes sense: LDAP, SAML, etc. still have their well-earned place, TIER will take full advantage of such common protocols and interfaces. OAuth 2, OpenID Connect and UMA are also coming into play.
- REST ness in the TIER context means: HTTP verbs operate on Resources (groups, users,....); RPCish idioms should only be used when nothing else will do what needs to be done.
- The model for interoperating with existing institutional IAM services is to provide the TIER components with connectors that know how to interact with both back end legacy systems as well as the growing number of contracted-out SaaS and PaaS services
- An API-first design helps us achieve and maintain a level of abstraction from specific implementation choices. This gives TIER adopter sites the option to wrap their favorite legacy IAM service in a TIER API knowing that it will integrate well with other TIER or TIER-compliant packages.
- Adopt the many useful conventions specified in the new IETF standard, SCIM 2.0 ,
- around the design choices that would otherwise tend to provoke endless working group debates on matters such as pagination, metadata schema, data formats, etc.
- the choice to leverage SCIM, as much as anything else, made the decision to support JSON easier. Support for XML can be provided if and where it's needed.
API Specifications:
- The canonical specification language for HTTP-oriented APIs in TIER is Swagger 2.0
- Why Swagger and not RAML or API Blueprint?
- In the move from version 1 to version 2, Swagger incorporated a lot of RAML's best features (around reusable definitions, etc.)
- Swagger 2 has been adopted as the basis for further development by the industry-launched Open API Initiative (http://openapis.org) and that should strengthen the already thriving Swagger developer and adopter community
Key Deliverables for TIER R1
Content by Label showLabels false spaces DSAWG showSpace false sort title excerpt true excerptType rich content cql label = "deliverable" and space = "DSAWG" labels deliverable
Narrative Form
By April 2016
- Publish and promote the adoption of a first-round set of conventions for API and data structure design. The goal is to inform and hopefully influence API development for Release 1.0 Grouper and COmanage components.
- Pair the basic group and membership management APIs with an event-driven messaging approach to the same functionality. Clarify the circumstances that favor one approach over the other.
- Assess possible models for APIs and data structures around consent.
- Document the first round requirements for administering and monitoring IAM infrastructure and specify the kinds of instrumentation needed in each component to support administration and monitoring.
Other resources
(Original Charter from TIER Initiative)
Inventory of TIER APIs
- Credential Management (openapi)
- Used to manage credentials for a Person or Entity
- Group Registry (openapi)
- Used for Group and Group Member related requests
- SCIM (+ extensions?)
- ID Match (openapi)
- Used by Registry or SORs to obtain a Reference ID based on (SOR) attributes
- Person Registry (openapi)
- Used for Person (and maybe other Entity?) related API requests
- SCIM (+ extensions)
- Subscriber Message Notification (openapi)
- Used to send update notifications to downstream systems
Schema work items
- Under the API-Schema organization on Internet2 Enterprise Github
Older items
Jim Fox on Messaging at U Dub
Rob Carter thoughts on fine-grained authZ on APIs for data access <= = relates to issues discussed on the 11 December 2015 callJIRA Project for TIER API Working Group
Background information on TIER, Internet2 initiative on Trust and Identity in Education and Research
- Internet2 Middleware IAM Diagram from 2006.
- Accomplishments and Plans from the TIER API and Registries Working Groups (blog January 2017)
...