TIER-Data Structures and APIs Working Group Home

Subgroup 1 : Wednesday, 20 April , 2016 at 3 pm Eastern, Noon Pacific, 8 pm UTC
- video: https://bluejeans.com/439600784/browser
Subgroup 2: Friday, 22 April , 2016 at 10 am Eastern, 7 am Pacific, 3 pm UTC
- video: https://bluejeans.com/965988291/browser

Attendees are encouraged to participate in live-scribing the meetings on the above Google doc.

Working Group Chair: Keith Hazelton, University of Wisconsin

Develop a comprehensive functional model of IAM
Develop specifications for the resource schema and interfaces needed to deliver identity and access management (IAM) services
- Between the various TIER IAM components
- Between TIER components and the rest of the institutional IT landscape, both on premise and in the cloud
Provide guidance on building IAM infrastructure and processes that accord with the TIER model

Expose IAM capabilities at RESTful endpoints
- ...Where it makes sense: LDAP, SAML, etc. still have their well-earned place, TIER will take full advantage of such common protocols and interfaces. OAuth 2, OpenID Connect and UMA are also coming into play.
- REST ness in the TIER context means: HTTP verbs operate on Resources (groups, users,....); RPCish idioms should only be used when nothing else will do what needs to be done.
- The model for interoperating with existing institutional IAM services is to provide the TIER components with connectors that know how to interact with both back end legacy systems as well as the growing number of contracted-out SaaS and PaaS services
Adopt the many useful conventions specified in the new IETF standard, SCIM 2.0 ,
- around the design choices that would otherwise tend to provoke endless Working Group debates on matters such as pagination, metadata schema, data formats, etc.
- the choice to leverage SCIM, as much as anything else, made the decision to support JSON easier. Support for XML can be provided if and where it's needed.

The canonical specification language for HTTP-oriented APIs in TIER is Swagger 2.0
Why Swagger and not RAML? After all, RAML is pretty cool
In the move from version 1 to version 2, Swagger incorporated a lot of the RAML coolness (around reusable definitions, etc)
Swagger 2 has been adopted as the basis for further development by the industry-launched Open API Initiative (http://openapis.org)

Page:

Instrumenting and Monitoring TIER Components--First Steps in a Long Journey —
Initial Investigations: Analysis of Grouper Logs using the Free and Open Source ELK stack (Elasticsearch, Logstash and Kibana)
Current work: Testing the ELK stack for Grouper log aggregation, exploration and visualization; The Grouper Demo Server is serving as the data source.
The ELK stack brings together
Page:
TIER API Basic Group Management Operations
—
Implemented
- TIER API look for subject 'S' in group 'G'
Page:

TIER API: Basic Person Management Operations —
TBD: Create Swagger Specification for These Operations
System of Record (SOR) Person Role Added
It is up to the Identity Registry to determine how to map the provided attributes to its internal data model.
Page:

TIER Standards and Guidelines —
Standards and guidelines that apply to all TIER Messages

By April 2016

Publish and promote the adoption of a first-round set of conventions for API and data structure design. The goal is to inform and hopefully influence API development for Release 1.0 Grouper and COmanage components.
Pair the basic group and membership management APIs with an event-driven messaging approach to the same functionality. Clarify the circumstances that favor one approach over the other.
Assess possible models for APIs and data structures around consent.
Document the first round requirements for administering and monitoring IAM infrastructure and specify the kinds of instrumentation needed in each component to support administration and monitoring.

Page tree