Education and Research

Coordinating Education and Research Communities to
radically improve Identity and Access Management.
Bill Yock
University of Washington
byock@uw.edu
Shel Waggener
SVP, Internet2
swaggener@internet2.edu
What are the unique challenges in Education and Research and what activities are underway?
What is an Identity Framework and why do we need one?
Who is the Community and how can we work better together?
So what is CIFER really? What are the Planned Outcomes and Execution Strategies?
We are complex institutions!
Diverse ecosystems of technologies and applications
Very sensitive data and complex regulatory requirements
Growing federation and inter-federation needs
Dynamically changing identity contexts
Our complexity leads to a plethora of open source solutions!
CAS, Shibboleth, Grouper, KIM, OpenReg, CPR, Identity Match,
CoManage/CoCoA, InCert, uApprove, InCommon Assurance,
CommIT, ORCID, OpenIDM, Syncope, iRODS, CILogon, u-Prove,
FICAM, NSTIC IDESG, InCommon Federation, simpleSAMLphp,
COManage, IRMA, PubCookie, InCommon Quilt, Kerberos, ConnID,
OpenID Connect, OAuth, OpenICF, SCIM, XACML, Social2SAML,
MDX, Metadata Aggregator, ABC4Trust, NSTIC Scalable Privacy,
KOM, OpenIdM, eduGAIN, Moonshot, …
A partial list of education and research related open source projects and standards – not to mention the many commercial offerings!
Because digital identities are hard we need focus!
Conceptual models to classify and organize
Functional models for common definitions and use cases
Standard APIs and protocols for ease of use and interoperability
Design and Build / Integrate Components
Reference Implementations / Interop Improvements
Embrace Standards / Create Toolkits and APIs
It takes a Global Village!
Growing cooperation amongst existing communities and projects
Identity Management in Higher Education – A View of the Landscape http://goo.gl/7tV4VO
A growing “Community of Practice” of IAM experts
Work Groups organized around the CIFER Framework areas (APIs, P&I, Identity Registry, Access Management, Authentication)
Coordination amongst the Villages!
[Diagram: KIM, Shib, EduGAIN, CPR, Grouper, Moonshot, MFA, Other]
• Connecting the villages takes a lot of effort
• Need “seamful” experiences
• Minimize duplication of features
• Identify critical path opportunities and code
• Requires Global Cooperation and Collaboration
Coordination is NOT controlling the Villages!
• Interfaces & APIs
• Architectures
• Feature Roadmaps
• Resource Augmentation
• Documentation
• Stewardship
Lots of great work already done!
Active Work Group participation
Cross Work Group Coordination Committee formed
Beginning of a functional framework
Draft of Standard APIs
Preliminary design of provisioning toolkits
Preliminary design of identity matching toolkits
Beginning of reference implementation test beds
https://spaces.internet2.edu/display/cifer/CIFER+Home
Build frameworks and tools, create a sustainability model
Startup (FY14)
• Areas of Focus: Refine framework, establish baseline resources, develop overall plans
• CIFER Deliverables: Full Functional Model; ID Match/Reconciliation toolkit; Standard APIs; Product Test Drives; Build Product Strategy Maps
• Funding Needs / Strategies: $2 M – Institutional Angels, Individual Donations
Accelerate (FY15 – FY16)
• Areas of Focus: Establish Dev team, construct governance and integration tools, test and document capabilities
• CIFER Deliverables: Provisioning Toolkits; IAM Console – Governance and Audit; Enhanced Attribute Based Access Control
• Funding Needs / Strategies: $6M – Increased Institutional membership, Possible Grants
Sustain (FY17 & beyond)
• Areas of Focus: Framework certification, Enable inter-federation services, Personal privacy
• CIFER Deliverables: Certification Mark service; Federation policy management tools; Personal privacy tools
• Funding Needs / Strategies: $1M / Yr – Membership fees, Certification Mark fees
New strategic alliance between Internet2 and Kuali!
CIFER Consortium Charter adopted by Kuali and Internet2 leadership to support planned outcomes
Draft membership agreements in progress, preliminary pledges include:
• InCommon to be Consortium Operator
• Internet2 increased investment (AVP of Integration contribution of half-time FTE $120K, Grouper $240K)
• Kuali Rice Partners increased investment (UW $240K, Iowa State $240K, Cornell $120K)
• Penn State Contribution of Central Person Registry (CPR)
Individual and Institutional Participation Needed!
Individual contributions of $20 eligible for cool logo ware and chance for prizes!
Any IAM enthusiast eligible to participate in Working Groups!
Membership levels and fees:
• Supporter Level: $1 / FTE Student
• Contributor Level: $2 / FTE Student
• Principal Level: $5 / FTE Student
Membership benefits:
• Eligible for “Implementation Assistance” support
• Eligible to sponsor new Work Groups
• Eligible for “Readiness Assessment” support
• Eligible for Elected Board Seats
• Eligible for Appointed Board Seats
Examples of proposed programs based on membership levels
Readiness Assessment Program (*)
For Supporting, Collaboration and Partner Members
Survey that institutions fill out regarding current state of their IAM environment based on CIFER Framework criteria. CIFER IAM experts review and comment on recommendations for improvements based on institutional goals.
Implementation Assistance Program (*)
For Collaboration and Partner Members only
Up to 40 hours of review, configuration and troubleshooting, by CIFER IAM experts, of any of the products available in the reference implementation test drive area that an adopting institution is attempting to deploy.
(*) Actual program details to be defined and adopted by initial CIFER Consortium Board…
Become an active participant!
Join an open Work Group committee
Become an Institutional Investor – Sign CIFER Consortium Membership Agreements
Become an Individual Donor – Make a small donation, receive a cool CIFER t-shirt
For more information www.ciferproject.org and info@ciferproject.org