You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 55 Next »

Items labeled (A) must be delivered by TechEx 2017

Items labeled (B) are intended to be done by TechEx 2017, but the schedule may slip on some of them

S,M,L: Small, Medium, Large in terms of relative effort to complete


1) Shortcut to Planning Pages for the TechEx Demos

See the Demo Planning pages for further details on specific TechEx demonstrations

2) Deliver APIs

  1. (A, m) Definitive TIER API Guideline document; The excavation, sifting and winnowing are likely to be the labor intensive bits.
  2. (B, s) Evaluate need for Grouper permission and policy management
  3. (A, m) SoR/Registry/ODS/Groups (for TechEx needs; Ultimately it will end up being Large)
  4. (A, s) Registry to Grouper: Registry is authoritative source of subjects (LDAP, JDBC, API later?)
  5. (A, s) Provisioning (for demo purposes, based on UW-Madison Global Summit demo)
  6. (A, s) Consent-informed Attribute Release (CAR)
    1. External API authored by Marlena
    2. Presentation to TIER-API prior to their review of the API
  7. (B, mCertificate API
    1. An API for server certificate management for use by InCommon (check with ChrisHubing and JimJ)
    2. JimJ would help with a Comodo proxy

3) Define and implement an event-driven messaging approach

  1. (A, l) Asynch architecture, to complement the more synchronous API-based approach
    1. Messaging model where we only send identifiers of changed objects is probably small
    2. Demo: Grouper changelog publishes  events onto an AMQP message transport. What''s available now or soon (RabbitMQ, ActiveMQ)

    3. A provisioning/de-provisioning message consumer (perhaps via midPoint) adds/removes people to an external system based on changes in group membership.

    4. Demo: “Human Resource” system puts HR events on a subscribable message queue; Message subscriber reflecting changes into Person Registry

4) Publish Guidelines and Recommendations on Security Models for API Authentication and Authorization

  1. (A, m) Develop guidelines and recommendation in cooperation with InCommon TAC OIDC WG and REFEDs WG
  2. (A, ?) Demonstration relying on a first version of Jim Fox's Client-Service Registry

5) Design, implement an Entity Registry

  1. (A, s) Refine data model for minimal Registry (AI - Warren)
  2. (A, s) SCIM - user
  3. (A, m) Midpoint Install
    1. JimJ has packaged MidPoint and an integrated OpenLDAP into a container so we can implement Warren and Ben's work on the Thin Registry as a start
    2. Provisioning is a strength of Midpoint that we want to test out
    3. Perhaps use a Canvas connector for this.
    4. Implementation to support requirements for Provisioning in the WG
  4. (A, m?) COmanage  Install - support for 3.a through 3.d

6) Implement simple identity matching and related features

  1. (BSingle package used by both midPoint and COmanage

7) Define Person Registry and ODS connection

  1. (BTIER HAS to do the API for identity data a la ODS. Longer run we’ll need an implementation package for those APIs.

    1. when APIs are largely defined, consider polling/surveying community for viability with existing systems as input to determining whether or not TIER needs to go build something.

  2. (BDemonstrate Person data APIs (using the registry, ODS, group repository to populate the user SCIM schema.

8) Advance Grouper training and adoption

  1. (ABuilding a training course for Grouper, leveraging both the Grouper Deployment Guide and Bill Thompson and Chris Hyzer pre-conference Grouper training session at Apereo.

  2. (BDemonstrations of more advanced features at Tech Ex

9) Implement Provisioning tools and demos

  1. (A) Canvas API connector(s) for midPoint and/or COmanage
  2. (BSee above 5.3 and 5.4

10) Take next steps in Documenting TIER Components

  1. (BBennO - Consideration for COmanage Deployment Guide

    1. Not sure that the GDG approach is possible

    2. More likely to take form of screen shares and web cases

  2. (BWould like to offer either Grouper or COmanage as general tools for SP integration

    1. Enrich SAML-delivered attributes with COmanage identity information to make sure SP gets everything it needs.

    2. Related to provisioning, see 4.3, 4.4, JITime and JICase provisioning; IdP Proxy

  • No labels