Internet2 Community Member Warren Curry Advances TIER's Efforts Around APIs and Schema

Jan 19, 2016, by Emily Eisbruch
Tags: Community, TIER, Trust & Identity, Trust and Identity in Education and Research

Written by: Keith Hazelton, University of Wisconsin

The Trust and Identity in Education and Research (TIER) Initiative relies on the contributions of numerous community members. We are pleased to share a profile of Warren Curry, Identity and Access Management (IAM) guru at the University of Florida. 

In joining the TIER Data Structures and API working group, Warren brings his twenty-plus years of experience in the field to TIER's efforts around Identity Registry APIs and schema. In a recent conversation, Warren said he considers the TIER Initiative as having the potential to be one of those rare catalyzing events that generate a new round of major advances in IAM.

The University of Florida sees 2016 as a year in which they plan to achieve major advances in IAM capabilities. Their current identity registry is vintage 2003, and account management, provisioning and user interface implementations followed between then and 2006. For the last decade or so, the only changes have amounted to minor facelifts. One of U Florida's core design commitments is around Master Data Management (MDM), for the person registry of course, but also for groups, roles and entitlements. Warren notes that the timing is such that their campus projects will have to proceed in parallel with TIER developments rather than waiting for TIER to deliver a complete, ready-made solution.

Warren has recently offered TIER his University's comprehensive and high-quality documentation on their identity registry schema, functions and APIs. This will be a valuable reference point and reality check for the API and schema work around a TIER identity registry. Influences will likely flow both ways: As TIER architecture takes shape with the help of Warren's group's contributions, it may in turn influence the University of Florida's designs.

Grouper, the TIER group and privilege management tool, is also on U. Florida's near-term deployment list as a replacement for a piecework set of role and entitlement solutions scattered across the University IT landscape. Warren sees Grouper and Grouper-based provisioning as a way to bring MDM concepts into this space. However, he feels there is a missing piece in the Grouper adoption story that needs attention. "I see Grouper as a giant box of Legos in eight or sixteen colors, but they're all one-space Lego pieces. You can build anything, but there are lots of ways to do it. I would like to see TIER devote resources to developing templates for common service scenarios." In other words, a bare install of the Grouper package is a start, but some additional scaffolding in the form of configurations and conventions based on successful models at other campuses would accelerate an adopting campus's path to rolling out actual services.

Warren's depth of experience and willingness to engage and contribute to the TIER effort are just the kind of contribution from the higher education and research community that will increase the chances of success and reduce the amount of time to get there.