
TIER Working Group Update

Posted on Aug 17, 2017 by Emily Eisbruch
Tags: Frontpage News, Recent Posts, Trust & Identity, Trust and Identity in Education and Research

By Keith Hazelton - University of Wisconsin-Madison and Warren Curry - University of Florida

The TIER Data Structures & API Working Group and TIER Entity Registry Working Group have been working closely on the definition of a "minimal/thin" registry, API security, messaging architectures, and evaluation of midPoint as a provisioning engine.

The most current TIER release can always be found on the TIER Package Delivery wiki.

Central to the TIER data ecosystem is a well-defined strategy for the creation and use of data repositories. The working groups have spent a lot of time finalizing a recommendation for TIER to include a "thin" registry containing only the minimum number of attributes common to all institutions. Any given institution can augment it according to its own local needs using standards-based schema extension mechanisms. You can read the details of a "minimal/thin" registry in this blog, which was included in the July 2017 Trust and Identity newsletter.

The working groups have defined, and continue to define and publish, RESTful SCIM APIs for developers in the TIER environment. We have made enough progress that recent work has turned to making the APIs secure. We have focused on authentication of the API client and/or the user on whose behalf the call is being made, and on applying appropriate access control at the level of specific API methods. More information is available.

RESTful APIs and event-based messaging are complementary integration strategies. The working group is now shifting focus from API definition to building out a TIER messaging infrastructure. Event-based messaging supports both near-real-time integration and looser coupling between components, but its asynchronous nature poses additional challenges that must be addressed.

The Evolveum open-source midPoint IAM platform has become popular within the higher education community in the last year. The working groups have focused recently on evaluating midPoint as an alternative and/or complementary component to Grouper and COmanage as part of the TIER offering (depending on an institution’s current IAM base and overall requirements).

Efforts are underway to prepare demonstrations for the 2017 Technology Exchange (Oct. 15-19 in San Francisco) in all of these areas to illustrate solutions to real-world IAM challenges.