Update: TIER Working Groups 

Guide to Updates

Component Architects WG

July/August

  • Focused regular component and WG development report outs on prioritizing work and spending as the initial funding model winds down in Q1 2019
  • Began discussions and planning around an apprenticeship/successorship model to sustain a community base of expertise for the continued development and support of IAM programs and software
  • In-depth component and WG report outs
    • Shib IdP 3.4 tracking later than hoped but no blockers
    • Grouper 2.4 release is wrapping up and will be updated in the TIER container shortly thereafter
    • COmanage 3.2.0 release tracking for TechEx along with ID Match
    • midPoint - Evolveum development underway for TIER container
    • Shib UI/UX ready for final demo and code review. Packaging to be complete for campus testing by TechEx

September/October

  • Invited CACTI members to join the WG to discuss having the Component Architects review the FIM4R paper, help produce a gap analysis between the FIM4R requirements and our current architecture and services, and help prepare for a discussion around an Internet2 response to FIM4R
  • Continued discussions around Consent, roles as an internal component of Shibboleth vs. a separate application, and relationships with GDPR
  • Shared information about Internet2/Community meetings with Google around an identity strategy that works for Google's services for federation participants
  • Conducted a round of component and WG report outs, along with:
    • review of the TIER Campus Success Program (CSP) and thoughts/next steps on a potentially more full-featured and expanded future approach
    • readiness of the Shib UI for first preview release at TechEx
    • Federation Manager / Per-Entity Metadata (MDQ) status and functionality
    • Certificate Service / APIs ("lateral access to CAs"/"CA Diversification")
    • TIER contractor and contracts updates in process
  • Discussed ideas for bringing new professionals into the fold (as developers / contributors or other)
  • Had a full debrief on TechEx and ACAMP sessions and the potential influences those outcomes might have on priorities going forward

Roadblocks

  • TBD

Data Structures/API - Entity Registry WGs https://spaces.at.internet2.edu/x/SgFwBQ

July/August

  • API/Schema work
    • Documentation of data structures, APIs and messages
    • Generate clients and services using OAI 3 (see above) and Swagger tooling
    • Banner SoR schema and Banner-midPoint connector - CSP initiated
  • Development of a TIER-style container for RabbitMQ
    • Taking advantage of what is available and fits our needs and will just need minor tailoring
  • ID Match API specification and implementation
    • Assemble a "Pilot" group with the interested CSP schools next month
  • Minimal Registry - we have agreed on this but have not "yet" produced a final document for distribution
    • Principally want to encourage folks to re-think how much they want to cram into their registry and so spec out the absolute minimal person
    • But also want to have a list that can be considered as add-ons for those who feel they need it. Need this whole list for completeness.
  • Finalized SOW for the TIER midPoint container

September/October

  • Worked on developing guidance and architectural considerations for Grouper / midPoint integrations
  • Discussed and documented architectures for integrating COmanage Match (ID Match) with the other components
  • TIER midPoint container development made excellent progress
    • Internet2 and Evolveum delivered Version 1.0 of a containerized midPoint package. In addition they delivered a complex midPoint demo package including integration with Grouper, Shib, LDAP, AMQP and the Jenkins CI/CD pipeline
    • WG members and Internet2 staff began working with the preview MVP just before TechEx 2018 and moved into full testing post TechEx
  • The team developed a cross-reference listing that gathers everything produced so far (deliverables and artifacts) toward assembling Documentation, Training and Workshop Materials, and Code and Configuration Repositories for Shibboleth, Grouper, COmanage, and midPoint, as the TIER initiative winds down in early 2019 and a new sustainability model moves forward
    • While the final curation and organization of the material is still under discussion, the current thinking is to be ready to provide clear direction on navigating and finding this information at Global Summit 2019, in the form of a small staffed booth
  • The API and Registry Working Groups, in cooperation with several of the TIER Campus Success schools have developed schema mappings that will guide the development of a customizable Banner-to-midPoint connector.
  • Began an assessment of whether a common connector framework could be used across midPoint, Grouper and COmanage allowing all three to use a single connector for a given application or service provider.
  • Supported midPoint discussions and ACAMP sessions around all TIER components and adoption details at TechEx 2018

Roadblocks

  • TBD

Packaging WG

July/August

  • Grouper build/test enhancements
    • Returning error codes, etc.
    • Working Grouper tests into Packaging tests is a goal, but Grouper tests take a long time
  • Revisiting base container OS decision
  • RabbitMQ container spec
  • Next month: Shibboleth UI packaging
  • Finalized SOW for the TIER midPoint container
  • BTAA TIER Docker Hackathon - notes courtesy of James Babb facilitating for TIER
  • Developed and distributed a survey on container orchestration frameworks to get a broader view of feedback around the need to support Swarm or Kubernetes etc.

September/October

  • Reviewed the results from the community Container Orchestration survey
    • Determined that Docker Swarm remains an acceptable solution for TIER containers
    • Reviewing the utility of automated translation of docker-compose files (using Kompose) to Kubernetes manifests for those who wish to go in that direction
    • Packaging Team will curate Kubernetes submissions from community members
  • Examined possibilities for using AWS Secrets Manager for TIER Shibboleth IdP container deployments in AWS
  • Reviewed and updated Container Release notes along with guidelines for container adoption of tested builds through the TIER Container Preview Release Program
  • Followed up on midPoint containerization project for TechEx 2018 readiness
  • Worked with the Shib UI project team to finalize the packaging of the Shib UI in line with TIER Container requirements
  • Decision to phase out the distribution of virtual machine images once the TIER Reference Implementations are ready for use.

Roadblocks

  • TBD

BTAA and TIER Collaboration Provisioning and De-Provisioning

July/August

  • Continued collecting provisioning engine product evaluations. Over the summer, we were able to get four, and we've started analyzing them to pull out product comparisons and best practices.
  • Plans: We still need a couple more evaluations. In particular, we'd like an evaluation of Grouper as a provisioning engine. Erik Coleman (ecc@illinois.edu) is leading this one, and he'd welcome assistance. To help with the Grouper evaluation or to evaluate any other product (please help), see https://docs.google.com/document/d/1m38xvE79xHIlSP0ZRRC3ggT-0WFDT-rUfs-AU9HWXA0/edit#

September/October

  • Finishing up product evaluations
  • Starting to look at the characteristics of a product comparison chart
  • Plans continue, once products are compared, to document best practices
  • Vision is to create a companion document to the TIER provisioning deliverables and the Grouper deployment guide. Those deliverables create building blocks and a framework; our work will recommend practices and policies to standardize the use of these blocks.

Roadblocks

See Also

Trust and Identity Working Groups List
