From the TIER Community Investor Council
As we shared with you in July, Kevin Morooney, Internet2 vice president for trust and identity, has conducted several meetings (referred to as “Paths Forward”) to align discussions and expectations regarding Trust and Identity. In particular, we looked at potential sustainable funding models for InCommon, TIER components, and other efforts regardless of how they were initially started (federal grants, membership dues, one-time investments, etc.). This article is a summary of the combined findings from those conversations. Please read the full blog post.
The concepts surrounding the DevOps (Development/Operations) structure are complex and continue to evolve to encompass a wide range of practices and processes. One of the best explanations of DevOps can be found here: https://theagileadmin.com/what-is-devops/. This particular perspective expresses the nuance that the TIER Working Group teams have had to navigate in constructing their response to the community requirements. Read the full post about the Landscape of TIER DevOps.
For a long time, a NIST publication called Special Publication (SP) 800-63, Electronic Authentication Guideline, has served as the reference standard describing processes for identifying and authenticating users in order to control access to applications (NIST is the National Institute of Standards and Technology). While specifically scoped to address government identity needs only, it has been adopted across sectors and internationally as a de facto standard. Unfortunately, over time NIST SP 800-63 has become out of date, not reflecting new technologies and approaches. To address that, NIST is now creating a new version of SP 800-63 that is remarkably novel in both its architecture and its community engagement approach. Read the full blog post.
TIER Community Contributor Spotlight
Bill Thompson, Director for Digital Infrastructure, Lafayette College
Bill Thompson, director for digital infrastructure for Lafayette College, participates in a number of TIER working groups. His current focus is working with the community to distill diverse Grouper deployment examples into specific TIER guidance and recommendations. As more and more services migrate to the cloud, Bill sees identity management and the work of TIER as becoming increasingly critical. “More than ever our ability to quickly and securely onboard and manage access to new services is critically dependent on our IAM architecture and capabilities,” Bill says. “Identity (and access management) truly is the new perimeter.” See the full blog post on Bill Thompson for more.
TIER Data Structures and APIs
The Data Structures and APIs working group has been building out the capabilities of TIER’s application programming interfaces, focusing on the Grouper API. Since July’s TIER newsletter, the number of TIER API operations supported in the Grouper codebase has more than doubled. The working group has also been developing demonstrations of its midPoint and COmanage components as part of the TIER Workbench mentioned in Steve Zoppi’s blog. For further information, please visit this working group’s wiki.
TIER Entity Registry
The Entity Registry Working Group has been focusing on expanding and refining its Reference Architecture, which demonstrates the components of TIER as well as how they will work together in various use cases. It has also been evaluating open source solutions for increasing the functionality of TIER’s components. Some of the solutions being reviewed have included midPoint for registry functions and the messaging capabilities of Grouper as a way to handle user provisioning. For further information, please visit this working group’s wiki.
The Packaging Working Group has continued work with the vendor on the Release 2 versions of the Docker and VM images for the Shibboleth IdP, Grouper, and COmanage. This includes dealing with issues relating to configuration management, default configurations, testing, the Docker image build process, protection of passwords and keys, and other similar topics. Additional work continues on some of the operational aspects of the environment, including maintaining component operation during the container restarts that are a natural part of a Docker-based approach to configuration management. For further information, please visit this working group’s wiki.
TIER Security and Audit
The Security and Audit Working Group has been working toward deliverables it expects to have in place in time for next month’s Technology Exchange. These include updated recommendations for secure TIER development processes, best practices for ongoing security testing, and operational security processes such as change management, incident response, logging for audit purposes, and data lifecycle management. You can see the working group’s priorities timeline on the wiki.
TIER Component Architects
The TIER Component Architects Group focuses on alignment of TIER processes, including the common core of technology platforms and tools. Recent discussions have centered on TIER reference architecture, TIER component and container distribution, instrumentation (long and short term) to help with management, quality and performance, and TIER security and risk management processes. Steve Zoppi (Internet2) leads the group. Component architects include Scott Cantor, Ohio State University (Shibboleth); Chris Hyzer, University of Pennsylvania (Grouper); Benn Oshrin, Spherical Cow Group (COmanage); Ken Klingenstein, Internet2 (Consent); and Nick Roy, Internet2 (InCommon).
TIER working group chairs include: Keith Hazelton, University of Wisconsin - Madison, leads APIs and Data Structures; Warren Curry, University of Florida, co-chairs the Entity Registry work with Benn Oshrin; Helen Patton, The Ohio State University, leads Security and Audit; Ken Klingenstein, Internet2, leads Consent; Nick Roy, Internet2, leads InCommon Federation. Key participants from these areas and more also join the calls.
Key Internet2 identity initiatives are supported in part by National Science Foundation grants. For more information, see specific software sites.