TIER Supports the Weave of Research and Education
by Ken Klingenstein, Internet2
Trust and Identity have become necessary enablers and integrators across the entire academic mission. Researchers need to use their campus identities in global collaborations, classes need to access controlled academic resources, scientific equipment needs strong identity protection, and summer high school students who become university students (and perhaps even university professors) need to weave their scholarly dots together.
From a TIER perspective, the software that supports the identity management needs of both research and education should be built from common tools. Beyond the bedrock of a directory, a few core tools – each of which needs to be federation-savvy – can span most basic identity infrastructure needs: a person registry, group management, and authentication and attribute release components. These tools should be readily assembled to support both enterprise and virtual organization use cases. The TIER program is working on the coherent assembly of these tools at the institutional level.
For virtual organizations (VOs), TIER is also delivering COmanage, which provides an integrated identity management platform to support collaborations. COmanage provides identity and access management across the breadth of collaborative applications, from easy group creation to management and delegation of research roles and life-cycle identity management.
While COmanage is intended to meet the identity management needs of a collaboration, the collaborators themselves care far more about their collaborative tools and applications – wikis, listservs, and schedulers, as well as domain-specific items like research applications, scholarly databases, and science gateways. The challenge is to move the identity and access control management activities from each of these applications to a common collaborator-managed location that can drive current identity, group, and role information into all the applications, using open standards.
In COmanage terminology, applications that can accept identity, authentication and access control management via external open standards are called “domesticated.” The list of domesticated applications is growing steadily, but it still takes work to shift an application from a self-contained world into a federated one.
COmanage can be used in several different deployment models. The VO itself can run the software, as is the case with LIGO, the international physics consortium that recently discovered gravitational waves. An institution may run a COmanage farm to serve the collaborations that are hubbed at the institution. There is even the potential for cloud-based delivery of the service.
LIGO researchers have benefited from COmanage to secure and simplify access to resources. Photo courtesy of the LIGO Laboratory.
Other components of TIER release 1 also reflect the requirement to integrate research with education. The latest version of the eduPerson schema is part of the TIER release and contains an attribute to hold the ORCID identifier. This identifier serves to connect the scholarly activities of an individual as that person changes his or her status or moves from one institution to another. It integrates with many scholarly management systems such as VIVO, publishers such as Elsevier, and grant processing at funding agencies. Institutions that facilitate their academic collaboration through support of ORCID identifiers enable valuable capabilities for their scholars.
Our unique niche in life is to integrate research with education and to ease barriers to collaboration. The TIER approach of reusing core components to support the fabric of identity management at both the enterprise and virtual organization levels helps institutions serve their core missions.