Update: TIER Working Groups 

Guide to Updates

Component Architects WG

September/October

    • Invited CACTI members to join the WG to discuss having the Component Architects review the FIM4R paper, help determine a gap analysis between FIM4R requirements and our current architecture and services, and help prepare for a discussion around an Internet2 response to FIM4R
    • Continued discussions around Consent, roles as an internal component of Shibboleth vs a separate application, and relationships with GDPR
    • Shared information about Internet2/Community meetings with Google around an identity strategy that works for Google's services for federation participants
    • Updated a round of component and WG report-outs, along with:
      • review of the TIER Campus Success Program (CSP) and thoughts/next steps on a potentially more full-featured and expanded future approach
      • readiness of the Shib UI for first preview release at TechEx
      • Federation Manager / Per-Entity Metadata (MDQ) status and functionality
      • Certificate Service / APIs ("lateral access to CAs"/"CA Diversification")
      • TIER contractor and contracts updates in process
    • Discussed ideas for bringing new professionals into the fold (as developers / contributors or other)
    • Had a full debrief on TechEx and ACAMP sessions and the potential influences those outcomes might have on priorities going forward

2018 Summary

Roadblocks

  • TBD

DataStructures/API - Entity Registry WGs https://spaces.at.internet2.edu/x/SgFwBQ

September/October

    • Worked on developing guidance and architectural considerations for Grouper / midPoint integrations
    • Discussed and documented architectures for integrating COmanage Match (ID Match) with the other components
    • TIER midPoint container development made excellent progress
      • Internet2 and Evolveum delivered Version 1.0 of a containerized midPoint package. In addition, they delivered a complex midPoint demo package including integration with Grouper, Shib, LDAP, AMQP and the Jenkins CI/CD pipeline
      • WG members and Internet2 staff began working with the preview MVP just before TechEx 2018 and moved into full testing post TechEx
    • The team developed a cross-reference listing to gather everything that has been produced in the way of deliverables and artifacts toward assembling Documentation, Training and Workshop Materials, and Code and Configuration Repositories for Shibboleth, Grouper, COmanage, and midPoint as the TIER initiative winds down in early 2019 and a new sustainability model moves forward
      • While the final curation and organization of the material is under discussion, the current thought is to be in a ready state for providing clear direction on navigating and finding information at Global Summit 2019 by way of a small staffed booth
    • The API and Registry Working Groups, in cooperation with several of the TIER Campus Success schools, have developed schema mappings that will guide the development of a customizable Banner-to-midPoint connector.
    • Began an assessment of whether a common connector framework could be used across midPoint, Grouper and COmanage, allowing all three to use a single connector for a given application or service provider.
    • Supported midPoint discussions and ACAMP sessions around all TIER components and adoption details at TechEx 2018

2018 Summary

  • The TIER Data Structures & API and TIER Entity Registry working groups have held combined meetings since the outset of the TIER initiative. During 2018 these working groups focused on provisioning/de-provisioning, de-duplication of identities, and a number of other priorities to complete the work set forth in the TIER Accomplishments by Thematic Groups developed at the Technical Exchange 2017. This document provided the current state of the component portions of the TIER program and planned future activities. It draws from initial documentation of TIER program requirements and subsequent working group accomplishments and includes items identified by the component architects as being required to be completed before the end of the initiative.

    • Supported the development of the Grouper Training Environment

    • Planned and provided demonstrations at the Global Summit Trust & Identity Showcase sessions

    • Provided subject matter experts (SMEs) to support the TIER Campus Success Program

    • Collaborated with the Big Ten Academic Alliance on the TIER Provisioning Fit/Gap

    • Developed a TIER-style container for messaging between components

    • Developed guidance and architectural considerations for Grouper / midPoint integrations

Roadblocks

  • TBD

Packaging WG

September/October

  • Reviewed the results from the community Container Orchestration survey
    • Determined that Docker Swarm remains an acceptable solution for TIER containers
    • Reviewing the utility of automated translation of docker-compose files (using Kompose) for use with Kubernetes for those who wish to go in that direction
      • Packaging Team will curate Kubernetes submissions from community members
  • Examined possibilities for using AWS Secrets Manager for TIER Shibboleth IdP container deployments in AWS
  • Reviewed and updated Container Release notes along with guidelines for container adoption of tested builds through the TIER Container Preview Release Program
  • Followed up on midPoint containerization project for TechEx 2018 readiness
  • Worked with the Shib UI project team to finalize the packaging of the Shib UI in line with TIER Container requirements
  • Decision to phase out the distribution of virtual machine images once the TIER Reference Implementations are ready for use.

2018 Summary

  • During 2018 the TIER Packaging working group focused on refinements to the packaging for all component containers, including related functions such as messaging and database containers to support the major components. These refinements further streamlined and simplified the effort required to begin working with the TIER components.

    • Completed independent specification for how TIER-compatible Docker containers are to be designed

    • Developed the TIER Grouper container with associated documentation

    • Worked with the Shibboleth UI development team on a container for that application

    • Worked with Evolveum to develop a TIER midPoint container

    • Developed logging standards for TIER containers

    • Presented the TIER Packaging Roadmap to date and planned work for the remainder of the year to wrap up the Wednesday Trust & Identity Showcase session at Global Summit

    • Developed a RabbitMQ container specification for messaging between TIER components

    • Supported the TIER Campus Success Program in understanding and working with the TIER packages

Roadblocks

  • TBD

BTAA and TIER Collaboration Provisioning and De-Provisioning

September/October

  • Finishing up product evaluations
  • Starting to look at the characteristics of a product comparison chart
  • Plans continue, once products are compared, to document best practices
  • Vision is to create a companion document to the TIER provisioning deliverables and the Grouper deployment guide. These deliverables create building blocks and a framework. Our work will recommend practices and policies to standardize the use of these blocks.

2018 Summary

  • The Big Ten Academic Alliance, working in conjunction with the TIER Data Structures & API working group, focused on developing a survey to collect information on products specializing in provisioning & de-provisioning for comparison and evaluation. The results of the evaluations are intended to help create best practices that are supported by today’s software offerings, discover additional best practices from how products perform various tasks, and provide a product comparison chart for those getting ready to implement a provisioning solution.

    • Developed a product evaluation template that also summarizes current evaluations to date

    • Supported the TIER Campus Success Program by completing a set of use cases for a bulk provisioning API. After reviewing these, the TIER API WG doesn't believe that such an API is necessary. They've posted their responses at the bottom of this wiki page: https://spaces.at.internet2.edu/x/koFyBw. The use cases will serve as a good exercise to test whether existing TIER APIs can support them.

    • Created a GitHub repository for collecting System for Cross-domain Identity Management (SCIM) schema requirements at https://github.internet2.edu/tier/scim-schema which currently contains a JavaScript Object Notation (JSON) version of the SCIM core schema.

Roadblocks


See Also

Trust and Identity Working Groups List