Nicholas Roy
Director of Technology and Strategy
InCommon / Internet2 Trust and Identity Services
Internet2 is a member-owned organization which provides high-performance networking, connectivity to services and a suite of trust and identity-oriented services and software to its members. Architects of software products such as Shibboleth, Grouper and COmanage work at universities, colleges and Internet2 affiliate organizations, and have had a hand in shaping core standards such as the Security Assertion Markup Language (SAML). The InCommon Federation, a SAML trust federation serving the US and global research and education community via an interfederation partnership with eduGAIN, now provides access to thousands of global service providers from thousands of identity providers at campuses, research labs and commercial partners. Notable among these is the Large Interferometer Gravity Wave Observatory (LIGO), which recently won a nobel prize in physics. The Internet2 components provide access management for the services which LIGO researchers use to perform their work, articulated via the InCommon/eduGAIN trust fabric.
For many years, Internet2 members and others have been able to use these products free of charge, but have needed to invest significant time in understanding the underlying technologies, and that has depended on specialist practitioner skills which are in short supply. As a means to make deployment of these components easier and lower the barrier to entry in effectively using them, the Internet2 community brought together IAM architects at many member institutions during 2014, to build a roadmap for introducing DevOps methodologies, new user interfaces, new APIs and new features into the suite. A need for an entity registry and other middleware to complete the suite were identified, and a set of community-run working groups were created to document the requirements and guide implementation of the roadmap. This effort was branded as “Trust and Identity in Education and Research” – TIER.
The community, via the TIER community investor council, invested up-front capital in the project and oversaw the work and high-level strategy for the TIER effort. Most recently, the program sought a group of campuses to deploy the TIER components in their environments, work through the needed integrations and create documentation. As TIER works through the final year of its start-up funding, a sustainability model to ensure continued progress on additional roadmap items is being developed. Internet2 is also adopting the TIER components for use in its own community collaboration platform, which will automate the creation and provisioning of access to wikis, mailing lists, slack channels, etc. This automation will in turn help the community to create additional working groups and contribute back to the components.
The TIER components were originally targeted by the community to run as stand-alone virtual machine images, but as schools transition to use of containerized approaches, we have shifted to use of Docker for packaging, and will use Kubernetes for orchestration of the IAM suite at scale.