The TIER Reference Architecture assists executive stakeholders, campus IT architects and TIER community members in understanding the functional components for identity and access management in a higher education institution, and how those components relate to one another.

TIER’s Business Context

The TIER Architecture simplifies campus processes and advances inter-institutional collaboration and research through an open-source toolset and a set of campus architectural practices that answer the challenges posed by identity and access control at higher education institutions.  The TIER Architecture provides tools, software and architectural patterns that enable institutions to effectively and securely manage access to institutional resources and to foster inter-institutional collaboration.

The TIER Reference Architecture

Internet2’s Trust and Identity in Education and Research (TIER) program aims to simplify campus processes and advance inter-institutional collaboration and research.

The diagram shows a “reference architecture” -- a way to consider the functional components for identity and access management in a higher educational institution.  These consist of:

  • Person (or "Entity") Registry -- records of student, staff, faculty, guests, etc
  • Authentication and Federation-related services -- components that enable verified, privacy-preserving user access to services both locally and at remote partners
  • Groups Service -- named collections of users for use in mailing lists and authorization rules
  • Provisioning -- a single point of management for user accounts at multiple local services and systems (e.g. legacy OSs, databases, etc)
  • Messaging Queuing Service -- “publish and subscribe” and reliable delivery functionality

TIER helps institutions fulfill their functional identity and access management needs by delivering flexibly packaged and deployable components, along with a set of APIs to provide consistency and to ease integration.

Here’s a list of the current and planned TIER components, related to the reference architecture:

For more information about TIER, please see TIER Vision.


For more information about each TIER component, click on the component name above.

  • No labels

1 Comment

  1. As discussed on the 7/8 call, we probably want to think about having messaging coming on the inbound side as well.