Bill Yock, University of Washington, byock@uw.edu. Coordinating Education and Research Communities to radically improve Identity and Access Management. Shel Waggener, SVP, Internet2, [email protected]

Dec 17, 2015

Page 1: Bill Yock University of Washington byock@uw.edu Coordinating Education and Research Communities to radically improve Identity and Access Management. Shel.

Bill Yock
University of Washington
byock@uw.edu

Coordinating Education and Research Communities to radically improve Identity and Access Management.

Shel Waggener
SVP, Internet2
[email protected]

Page 2

Agenda

• What are the unique challenges in Education and Research and what activities are underway?
• What is an Identity Framework and why do we need one?
• Who is the Community and how can we work better together?
• So what is CIFER really? What are the Planned Outcomes and Execution Strategies?

Page 3

Education and Research – We are complex institutions!

• Diverse ecosystems of technologies and applications
• Very sensitive data and complex regulatory requirements
• Growing federation and inter-federation needs
• Dynamically changing identity contexts

Page 4

IAM Community Activities – Our complexity leads to a plethora of open source solutions!

CAS, Shibboleth, Grouper, KIM, OpenReg, CPR, Identity Match, CoManage/CoCoA, InCert, uApprove, InCommon Assurance, CommIT, ORCID, OpenIDM, Syncope, iRODS, CILogon, u-Prove, FICAM, NSTIC IDESG, InCommon Federation, SimpleSAMLphp, COManage, IRMA, PubCookie, InCommon Quilt, Kerberos, ConnID, OpenID Connect, OAuth, OpenICF, SCIM, XACML, Social2SAML, MDX, Metadata Aggregator, ABC4Trust, NSTIC Scalable Privacy, KOM, OpenIdM, EduGain, Moonshot, …

A partial list of education and research related open source projects and standards – not to mention the many commercial offerings!

Page 5

Identity Framework – Because digital identities are hard we need focus!

• Conceptual models to classify and organize
• Functional models for common definitions and use cases
• Standard APIs and protocols for ease of use and interoperability

Page 6

Conceptual Framework of Identity

Page 7

The CIFER Functional Framework

Page 8

CIFER Framework/Project Landscape

• Reference Implementations / Interop Improvements
• Design and Build / Integrate Components
• Embrace Standards / Create Toolkits and APIs

Page 9

Community – It takes a Global Village!

Growing cooperation amongst existing communities and projects

Identity Management in Higher Education – A View of the Landscape http://goo.gl/7tV4VO

A growing “Community of Practice” of IAM experts

Work Groups organized around the CIFER Framework areas (APIs, P&I, Identity Registry, Access Management, Authentication)

Page 10

What CIFER is – Coordination amongst the Villages!

• Connecting the villages takes a lot of effort
• Need “seamful” experiences
• Minimize duplication of features
• Identify critical path opportunities and code
• Requires Global Cooperation and Collaboration

[Diagram labels: Shib, EduGAIN, KIM, Grouper, Moonshot MFA, CPR, Other, Other, Other]

Page 11

What CIFER is – Coordination is NOT controlling the Villages!

[Diagram label, repeated four times: Coordination]

• Resource Augmentation
• Documentation
• Stewardship
• Interfaces & APIs
• Architectures
• Feature Roadmaps

Page 12

CIFER Progress – Lots of great work already done!

• Active Work Group participation
• Cross Work Group Coordination Committee formed
• Beginning of a functional framework
• Draft of Standard APIs
• Preliminary design of provisioning toolkits
• Preliminary design of identity matching toolkits
• Beginning of reference implementation test beds

https://spaces.internet2.edu/display/cifer/CIFER+Home

Page 13

CIFER Strategic Plan of Attack
Build frameworks and tools, create a sustainability model

Startup (FY14)
Areas of Focus: Refine framework, establish baseline resources, develop overall plans
CIFER Deliverables:
• Full Functional Model
• ID Match/Reconciliation toolkit
• Standard APIs
• Product Test Drives
• Build Product Strategy Maps
Funding Needs / Strategies: $2 M – Institutional Angels, Individual Donations

Accelerate (FY15 – FY16)
Areas of Focus: Establish Dev team, construct governance and integration tools, test and document capabilities
CIFER Deliverables:
• Provisioning Toolkits
• IAM Console – Governance and Audit
• Enhanced Attribute Based Access Control
Funding Needs / Strategies: $6M – Increased Institutional membership, Possible Grants

Sustain (FY17 & beyond)
Areas of Focus: Framework certification, Enable inter-federation services, Personal privacy
CIFER Deliverables:
• Certification Mark service
• Federation policy management tools
• Personal privacy tools
Funding Needs / Strategies: $1M / Yr – Membership fees, Certification Mark fees

Page 14

CIFER Strategic Alliances
New strategic alliance between Internet2 and Kuali!

• CIFER Consortium Charter adopted by Kuali and Internet2 leadership to support planned outcomes
• Draft membership agreements in progress, preliminary pledges include
  – InCommon to be Consortium Operator
  – Internet2 increased investment (AVP of Integration contribution of half-time FTE $120K, Grouper $240K)
  – Kuali Rice Partners increased investment (UW $240K, Iowa State $240K, Cornell $120K)
  – Penn State Contribution of Central Person Registry (CPR)

Page 15

CIFER Participation
Individual and Institutional Participation Needed!

Supporter Level | Contributor Level | Principal Level

• Eligible for “Readiness Assessment” support
• Eligible for “Implementation Assistance” support
• Eligible to sponsor new Work Groups
• Eligible for Elected Board Seats
• Eligible for Appointed Board Seats

Individual contributions of $20 eligible for cool logo ware and chance for prizes!
Any IAM enthusiast eligible to participate in Working Groups!

$1 / FTE Student | $2 / FTE Student | $5 / FTE Student

Page 16

CIFER Support Programs
Examples of proposed programs based on membership levels

Readiness Assessment Program (*)
For Supporting, Collaboration and Partner Members
Survey that institutions fill out regarding current state of their IAM environment based on CIFER Framework criteria. CIFER IAM experts review and comment on recommendations for improvements based on institutional goals.

Implementation Assistance Program (*)
For Collaboration and Partner Members only
Up to 40 hours of review, configuration and troubleshooting, by CIFER IAM experts, of any of the products available in the reference implementation test drive area that an adopting institution is attempting to deploy.

(*) Actual program details to be defined and adopted by initial CIFER Consortium Board…

Page 17

How to Get Involved – Become an active participant!

• Join an open Work Group committee
• Become an Institutional Investor – Sign CIFER Consortium Membership Agreements
• Become an Individual Donor – Make a small donation, receive a cool CIFER t-shirt

For more information www.ciferproject.org and [email protected]