"As higher education moves IT services to the cloud and moves towards greater interdependence among campuses, we need increased standardization — including regular upgrades to identity management software we depend on — to allow us to work together better."
—Klara Jelinkova, Vice President for Information Technology and CIO, Rice University
Community Approach to Consistent Identity Management
TIER is a community-driven effort, coordinated by Internet2, to develop a consistent approach to identity and access management (IAM) that simplifies campus processes and advances inter-institutional collaboration and research. TIER is both an open-source toolset and a campus practice set focused on:
- sustaining the community software investment
- integrating the software and project teams together
- extending the software and practices to support common contributed use cases.
TIER provides an effective federated identity, attribute, and authorization management system and builds on more than a decade of community work to develop the InCommon Federation, Shibboleth Single Sign-On and Federating Software, Grouper enterprise access management software, COmanage (collaborative organization management software and person registry), and other identity and access management solutions. TIER integrates these services and provides a consistent interface and packaging.
The Need for TIER
Professor Peterson is doing research at Northeastern University. He wants to use high performance computing resources in the Massachusetts Green High Performance Computing Center (MGHPCC) that are hosted by Boston University. Professor Peterson opens the Boston University quick start guide for Shared Computing Cluster (SCC) and finds that he needs to establish an account with Boston University and then use this account to authenticate to SCC.
This is just one among hundreds of examples of the need for better support for research and scholarship collaboration. As Northeastern, BU, and the MGHPCC are all InCommon participants, this scenario should be much easier.
Just as important as this integration is the creation of a long-term model for sustainable support and development. TIER institutions are creating and adopting a community-defined set of practices to ensure a common approach to providing access to resources for researchers, faculty, staff, and students.
The TIER program focuses on delivering a packaged suite of components with consistent development and release schedules. Initially, to accelerate campus adoption, the components are packaged as a virtual machine and will ultimately be preconfigured as Docker containers to work well together in the context of the InCommon Federation. As TIER evolves, this approach will allow for greater “plug and play” capability.
Campus Practice Set
As important as the software components, TIER also focuses on the practices, standards, and community alignment that comes from adopting a common approach to identity and access management. Community-developed best practices, for example, will support multi-campus (and international) research, scholarship, teaching, and learning. Common approaches to identity and access management will help align campus approaches to both on-premise and cloud-based solutions. See the details on the community practices and requirements.
Doing the Work
TIER relies heavily on several working groups to get the work done, involving more than 100 active, contributing participants from the community, representing hundreds of years of identity and access management and campus experience. These teams have ensured complete and comprehensive software development, documentation, community outreach, partner engagement, and campus engagement. Internet2 has also hired software developers, a project manager, and a vice president for trust and identity thanks to the funds provided by the 49 TIER investor institutions.
TIER is a response to the need for a comprehensive suite of identity services tools and software, and consistent campus identity practices.
Since 1999, the Internet2 community has collaborated to develop open-source software packages supporting identity and access management (Shibboleth, Grouper, and COmanage) and deployed the InCommon Federation. These components were built largely on the basis of multiple, one-time grants which provided little consistency of development and support over time. The community realized that more needed to be done.
TIER grew out of campus discussions, begun in 2014, to align these and other efforts as the basis for an open-source, community-developed identity and access management suite, with coordinated campus practices to ensure interoperability. While many campuses have existing pieces in place, the individual open-source software solutions were not consistently organized or readily interoperable; nor was there evidence of sustainable development and regular upgrades.
In 2015, 49 colleges and universities made a three-year financial commitment for the TIER start-up and formed the TIER Community Investor Council (TCIC) to guide the planning and development. Internet2 provides the day-to-day management and staffing of TIER software development, support for community working groups, and development of community practices. The TCIC will also set the stage for the long-term sustainability of TIER, addressing both funding and governance.
At the same time, Internet2 conducted a series of workshops intended to capture community input on what TIER should look like. Those workshops gathered 200 campus stories which were distilled into more than 60 community requirements. The community reviewed and accepted these requirements and included work from the InCommon Federation and the MACE-Directories Working Group, providing profiles and partnerships for improved interoperability and support for research. A bootstrapping group of community members and Internet2 staff began putting into place the building blocks for a national development effort. More than 100 members of the community now serve on the various working groups involved with TIER development.
April 2016 marked the first TIER software release. Future releases will incorporate a community identity provider and a scalable consent module, as well as extended and refined APIs which will address cross-component functionality and management of the components.
TIER Community Investor Council
This group guides the planning and development of TIER, representing the TIER investor schools.
|Klara Jelinkova (chair)||Vice President for IT and Chief Information Officer||Rice University|
|Tom Barton||Senior Director for IT Architecture, Integration, and Security,
and Chief Information Security Officer
|University of Chicago|
|Eric Denna||Vice President, Information Technology and Chief Information Officer||University of Maryland|
|Tracy Futhey||Vice President for Information Technology and Chief Information Officer||Duke University|
|Ron Kraemer||Vice President and Chief Information and Digital Officer||University of Notre Dame|
|Kevin Morooney||Vice President, Trust and Identity||Internet2|
|John O'Keefe||Vice President and Chief Information Officer||Lafayette College|
|Kelli Trosvig||Vice President for Information Technology and Chief Information Officer||University of Michigan|
The TIER vision of a regular cadence of software releases, and adoption of consistent community IAM practices represent a paradigm shift and signal the evolution toward a more mature means of operating.
How to Get Involved
Trust and Identity Newsletter • Subscribe!