Post on 14-Jul-2020

NEW AND EMERGING TECHNOLOGY AND CONCEPTS

THE TIER INITIATIVE

TechEx Base CAMP

September 25, 2016

Keith Hazelton, UW-Madison

• TIER

• “TI”: Trust and Identity

• “ER”: of, by and for the Higher Education and Research Communities

• TIER is a community-initiated effort, coordinated by Internet2

• …to develop a consistent, rationalized approach to identity and access management

• …that simplifies campus processes and advances inter-institutional collaboration and research

• TIER is both an open source toolset and a campus practice set

• Reference Architecture

• Specifications

• Best Practices Documentation

• Demo Workbench

• Reference Implementations

• Data Models

• Deployment Guides

• Production Workbench

WORKGROUPS / DEVELOPMENT

• APIs and Data Structures

• Entity Registries

• Reference Architecture

• Security and Audit

• Packaging

• Scalable Consent

• Shibboleth

• Grouper

• COmanage

• Instrumentation

Plus Commercial Development Partners

REFERENCE ARCHITECTURE

• https://spaces.internet2.edu/pages/viewpage.action?pageId=98306902

API AND DATA STRUCTURES

https://swaggerhub.com/api/bsavage/grouper_scim/v2

TIER MODEL

PACKAGING STRATEGY

• Component teams retain traditional installers

  • These will continue to be needed well into the future

• Provide additional release types for the components

  • Docker containers

  • Virtual machine images to run the containers

• Focus on automation tools

  • Build containers and VMs

  • Automate testing

  • Over time, goal of weekly builds

  • Identify and deploy tooling that is able to deliver multiple formats

• Keep pace as technology changes

SHIBBOLETH IDP VM EXAMPLE

• Build

• Shibboleth configuration tree

• Simple tooling for initial IdP configuration

• Docker container build

• Scripting for operations

• Operation

Docker Tomcat – ShibIdp_0

Docker Tomcat – ShibIdp_1

Docker HAproxy

Two Functions: Build and Operate

https://testbed.tier.internet2.edu

INCEPTION OF METRICS AND INSTRUMENTATION

HOW TO LEARN MORE, GET INVOLVED

ADDITIONAL TECH EX SESSIONS ON TIER

• Demos and Discussions: M – W, TIER booth in dining area, Biscayne Room

• Grouper Provisioning: Locally and Cloud, Monday, 10:20 – 11:10 am, Bayfront A

• Trust and Identity: Lightning Talks, Monday, 11:20 – 12:10 am, Bayfront A

• What's New & What's Next with TIER, Tuesday, 8:00 am, Bayfront A

• Update on Consent, Tuesday, 10:20 – 11:10 am, Bayfront A

TIER DEVOPS ENVIRONMENT - FIRST VIEW OF NEW TIER COMMUNITY TESTING AND USABILITY PLATFORM

• Community members will get a first view of the new TIER community testing and usability platform, also known as the Demo Workbench. See schedule for details.

• First-hand demonstrations, examples and “showcase explanations” of work products being generated through the efforts of the TIER Working Group teams, including:

• An end-to-end implementation of one of the narratives from the Reference Architecture featuring a small-scale but full-featured TIER IAM infrastructure.

• Consent-informed Attribute Release (CAR) service

• IdMatch service and its integration into the Demo Workbench

• Preview of COmanage v1.1.0 including capabilities for loading external source records

OTHER RESOURCES

• Check out the TIER FAQ

• Subscribe to the monthly TIER Newsletter

• Subscribe to one or both of the TIER-Discussion mail lists

• Tier-discussion@internet2.edu is for all general, non-technical discussions about TIER and may be used to contribute any thoughts about the direction or shape of TIER.

• Tier-architecture@internet2.edu is generally focused on the Institutional Technology Architects and Identity Management professionals. This list will primarily focus on the implementation goals and technologies required to make identity components work well within and across participating institutions.

• Address e-mail to pubsympa@internet2.edu

• Enter the case-insensitive email subject:

• Subscribe Tier-discussion@internet2.edu or

• Subscribe Tier-architecture@internet2.edu

• Send! (You’ll receive email confirmation of the subscription shortly)

BEST OF ALL: JOIN A TIER WORKING GROUP

• TIER Data Structures and APIs WG

• To subscribe: https://lists.internet2.edu/sympa/subscribe/tier-api

• TIER Entity Registry WG

• To subscribe: https://lists.internet2.edu/sympa/admin/tier-entreg

• TIER Grouper Deployment Guide WG

• To subscribe: https://lists.internet2.edu/sympa/info/tier-deploy-guide

• TIER Packaging WG:

• To subscribe: https://lists.internet2.edu/sympa/subscribe/tier-packaging

• TIER Security and Audit WG:

• To subscribe: https://lists.internet2.edu/sympa/subscribe/tier-security-audit
