Fifth Issue of Internet2 TIER Community Update Newsletter: February 22, 2016

TIER Community Update: February 2016

Welcome to the TIER (Trust and Identity in Education and Research) Newsletter for February. The purpose of this e-newsletter is to keep you informed on what's happening in the TIER project.

About TIER
TIER is a community-initiated effort, coordinated by Internet2, to develop a consistent, rationalized approach to identity and access management that simplifies campus processes and advances inter-institutional collaboration and research. TIER is both an open source toolset and a campus practice set.

More can be found in the TIER FAQ on our webpage.

From the TIER Community Investor Council:
Gravitational Wave Research, Federation and TIER

LIGO, the Laser Interferometer Gravity Observatory, confirmed part of Einstein’s theory of relativity on February 11, and federated identity management played a role in helping LIGO scientists get their work done. In her new blog post, Klara Jelinkova, Vice President and CIO at Rice University and Chair of the TIER Community Investor Council, explains how TIER investors can help remove campus roadblocks that can hinder the work of LIGO and other international collaborative efforts.

In this Issue:
TIER Community Contributor Spotlight, TIER Technical Working Group News, Finding TIER Info and Resources, Identity/TIER-Related Events, Stay Social with TIER

TIER Community Contributor Spotlight: Jim Fox, University of Washington

The subject of this month’s TIER Community Contributor Spotlight is University of Washington’s Jim Fox.

After a lifetime of programming operating systems and applications (he remembers a time when you could open a memory door and see the bits), Jim's professional horizons were dramatically expanded in 1999 when RL "Bob" Morgan joined the University of Washington's Identity and Access Management group. Jim was introduced to Internet2, Shibboleth and Grouper, and has been enthusiastically involved in these efforts ever since.

The University of Washington deployed a production Shibboleth Identity Provider years ago, when it was version 1.something, and this summer will see an upgrade to Shibboleth IdP version 3.2. "I really enjoy working with Shib 3," says Jim. "Most of our customizations that once required Java plugins can now be accomplished with simple configurations. I am generally wary of such wholesale rewriting of working code, but this one turned out very well."

In recent months, Jim has redoubled his contributions to Internet2 Trust and Identity work, remaining active on the Grouper developer calls and also becoming a regular contributor on the TIER Data Structures and API working group calls. A supporter of the RESTful approach to APIs, Jim is appreciated by his peers for consistently bringing a thoughtful and insightful perspective to the discussions and collaborative work.

To read the full profile on Jim Fox, please see the blog.

TIER Technical Working Groups News

TIER Registries Working Group
The TIER Entity Registry Working Group was spun off from the TIER Data Structures and APIs Working Group with the intention to identify and document the minimum viable requirements for a TIER Registry component and to make recommendations about the criteria for the adoption of an official TIER Registry component. The set of recommendations generated by the group will then be used to guide API, development, and packaging work.

Warren Curry (University of Florida) agreed to chair the TIER Entity Registry working group, which held its first call on February 10 and will continue to meet twice a week. The group’s charter can be viewed here. Community members interested in assisting with this effort are encouraged to subscribe to the group’s mailing list here.

TIER Packaging Working Group
Based on analysis of the TIER packaging survey, the TIER Packaging Working Group has identified adoption of Docker containers as a key direction for the TIER packaging work. While Docker was indicated as one of the most desirable solutions, many campuses responded that they lacked adequate expertise with Docker containers. The majority of campuses indicated they are currently running on some mix of physical servers, VMs, and/or virtual appliances. Only 9% are running Docker now, but most expect to be doing so within the next 1-2 years. As Jim Jokl, University of Virginia, the TIER Packaging Working Group chair, stated: “Our survey showed a low level of comfort with Docker containers now but also displayed a growing expectation that campus use of Docker would grow over the timeframe of TIER development. Using a Docker-centric approach now likely means that TIER will need to provide both the containers themselves and a preconfigured run environment so that campuses don’t need Docker expertise to deploy TIER components.”

The full TIER Packaging survey results are available in a variety of formats, and offer an interesting snapshot of not only the desired outcomes for TIER’s components but the state of identity management on the campuses today.

TIER Data Structures and APIs Working Group
In addition to creating the TIER Entity Registry Working Group (as detailed above), the Data Structures and APIs Working Group, chaired by Keith Hazelton, University of Wisconsin, has begun work on specifications for a set of the most common and useful management operations of its API. In defining these operations, the group drew from its native technical expertise and studied use cases from other campuses. The TIER packaging survey also informed decisions about the functionality and dependent components of the API.

TIER Security and Audit Working Group
The Security and Audit Working Group, under the leadership of Helen Patton, The Ohio State University, completed its operational charter and a work plan for the coming year, which was approved by the TIER Ad Hoc Advisory Group. The working group has also recruited subject matter experts, including community members with knowledge of regulatory compliance and those who have experience with other auditing processes around IdM. Also, meetings have moved from monthly to bi-weekly. The charter can be viewed here.

TIER Component Architects Group
The TIER Component Architects Group is moving into the next phase of collaboration with the API and Data Structures team. The latest topic is that of “instrumentation” for performance and utilization statistics as well as for operational monitoring. Keith Hazelton and the API team have begun discussions designed to answer questions of import arising from the broader adoption of the components. As functionality is added to each component, we will want to enable campus operations and IAM Architects (as well as the TIER development teams themselves) to understand whether or not that functionality is being utilized and how broadly. Based on that, development team resources may be redirected to higher priority projects and away from unused or underused functionality. Since the components will need to evolve over time, “hard numbers” of this kind will provide the most reliable guide to what our next steps should be as a community.

The TIER Component Architects Group is now holding weekly meetings to ramp up collaboration in preparation for the first release of TIER. The group focuses on aligning TIER processes, including the common core of technology platforms and tools. Steve Zoppi (Internet2) leads the group. Component architects include Scott Cantor, Ohio State University (Shibboleth); Chris Hyzer, University of Pennsylvania (Grouper); Benn Oshrin, Spherical Cow Group (COmanage); Ken Klingenstein, Internet2 (Consent); and Nick Roy, Internet2 (InCommon).

Finding TIER Info and Resources
New Resource Available:
Recorded webinar from IAM Online of Feb. 17, 2016:
“Registries and Records, The Ties that Bind an IAM System”
Identity/TIER-Related Events
Stay Social with TIER
Twitter enthusiasts: follow #internet2TIER for latest news and follow @Internet2, Ann West @hawthornewest and Nick Roy @ncroy for articles, updates and the latest on the TIER community.
  • is for all general, non-technical discussions about TIER and may be used to contribute any thoughts about the direction or shape of TIER (open to everyone; authentication required).
  • generally focuses on the implementation goals and technologies required to make identity components work well within and across participating institutions. Although mainly of interest to technology architects and identity management professionals, the list is open to everyone (authentication required).
  • To subscribe: Send an email to with the subject (case insensitive): subscribe <list-name>
  • We encourage you to forward this newsletter to others in the community who would be interested in receiving these monthly updates. Would you like to subscribe to this monthly newsletter? Click here.

Key Internet2 identity initiatives are supported in part by National Science Foundation grants. For more information, see specific software sites.

Like Us on Facebook
Follow us on Twitter: #internet2TIER
See the TIER webpage for more info
Copyright © 2016 Internet2, All rights reserved.

Our mailing address is:
1150 18th St NW, Ste 900, Washington DC 20036 
