Welcome to the TIER August Newsletter

Welcome to the TIER (Trust and Identity in Education and Research) Newsletter for August 2016. The purpose of this e-newsletter is to keep you informed on what's happening in the TIER project.

About TIER

TIER is a community-initiated effort, coordinated by Internet2, to develop a consistent, rationalized approach to identity and access management that simplifies campus processes and advances inter-institutional collaboration and research. TIER is both an open source toolset and a campus practice set.


From the TIER Community Investor Council

Paths Forward for Trust & Identity: Conclusions of Summer Planning

As we shared with you in July, Kevin Morooney, Internet2 vice president for trust and identity, has conducted several meetings (referred to as “Paths Forward”) to align discussions and expectations regarding Trust and Identity. In particular, we looked at potential sustainable funding models for InCommon, TIER components, and other efforts, regardless of how they were initially started (federal grants, membership dues, one-time investments, etc.). This article is a summary of the combined findings from those conversations. Please read the full blog post.

The Landscape of DevOps within TIER

The concepts surrounding the DevOps (Development/Operations) structure are complex and continue to evolve to encompass a wide range of practices and processes. One of the best explanations of DevOps can be found here: https://theagileadmin.com/what-is-devops/. This particular perspective expresses the nuance that the TIER Working Group teams have had to navigate in constructing their response to the community requirements. Read the full post about the Landscape of TIER DevOps.

A Core Identity Standard Gets Revised

For a long time, Special Publication (SP) 800-63, Electronic Authentication Guideline, published by NIST (the National Institute of Standards and Technology), has served as the reference standard describing the processes for basic identification and authentication used to control access to applications. While specifically scoped to address government identity needs only, it has been adopted across sectors and internationally as a de facto standard. Unfortunately, over time NIST SP 800-63 has become out of date and no longer reflects new technologies and approaches. To address that, NIST is now creating a new version of SP 800-63 that is remarkably novel in both its architecture and its community engagement approach. Read the full blog post.

TIER Community Contributor Spotlight

Bill Thompson, Lafayette College

(Left) Bill Thompson, Director for Digital Infrastructure, Lafayette College

Bill Thompson, director for digital infrastructure for Lafayette College, participates in a number of TIER working groups. His current focus is working with the community to distill diverse Grouper deployment examples into specific TIER guidance and recommendations. As more and more services migrate to the cloud, Bill sees identity management and the work of TIER as becoming increasingly critical. “More than ever our ability to quickly and securely onboard and manage access to new services is critically dependent on our IAM architecture and capabilities,” Bill says. “Identity (and access management) truly is the new perimeter.” See the full blog post on Bill Thompson for more.

Working Group Updates

TIER Data Structures and APIs

The Data Structures and APIs working group has been building out TIER’s application programming capabilities, focusing on the Grouper API. Since July’s TIER newsletter, the number of TIER API operations supported in the Grouper codebase has more than doubled. The working group has also been developing demonstrations of its midPoint and COmanage components as part of the TIER Workbench mentioned in Steve Zoppi’s blog. For further information, please visit this working group’s wiki.

TIER Entity Registry

The Entity Registry Working Group has been focusing on expanding and refining its Reference Architecture, which demonstrates the components of TIER as well as how they will work together in various use cases. It has also been evaluating open source solutions for increasing the functionality of TIER’s components. Some of the solutions being reviewed have included midPoint for registry functions and the messaging capabilities of Grouper as a way to handle user provisioning. For further information, please visit this working group’s wiki.

TIER Packaging

The Packaging Working Group has continued work with the vendor on the Release 2 versions of the Docker and VM images for the Shibboleth IdP, Grouper, and COmanage. This includes dealing with issues relating to configuration management, default configurations, testing, the Docker image build process, protection of passwords and keys, and other similar topics. Additional work continues on some of the operational aspects of the environment, including maintaining component operation during the container restarts that are a natural part of a Docker-based approach to configuration management. For further information, please visit this working group’s wiki.

TIER Security and Audit

The Security and Audit Working Group has been working toward deliverables it expects to have in place in time for next month’s Technology Exchange. These include updated recommendations for secure TIER development processes, best practices for ongoing security testing, and operational security processes such as change management, incident response, logging for audit purposes, and data lifecycle management. You can see the working group’s priorities timeline on the wiki.

TIER Component Architects

The TIER Component Architects Group focuses on alignment of TIER processes, including the common core of technology platforms and tools. Recent discussions have centered on TIER reference architecture, TIER component and container distribution, instrumentation (long and short term) to help with management, quality and performance, and TIER security and risk management processes. Steve Zoppi (Internet2) leads the group. Component architects include Scott Cantor, Ohio State University (Shibboleth); Chris Hyzer, University of Pennsylvania (Grouper); Benn Oshrin, Spherical Cow Group (COmanage); Ken Klingenstein, Internet2 (Consent); and Nick Roy, Internet2 (InCommon).

TIER working group chairs include: Keith Hazelton, University of Wisconsin - Madison, leads APIs and Data Structures; Warren Curry, University of Florida, co-chairs the Entity Registry work with Benn Oshrin; Helen Patton, The Ohio State University, leads Security and Audit; Ken Klingenstein, Internet2, leads Consent; Nick Roy, Internet2, InCommon Federation. Key participants from these areas and more also join the calls.

Key Internet2 identity initiatives are supported in part by National Science Foundation grants. For more information, see specific software sites.
