CIFER Community Identity Framework Keith Hazelton for Education - - PowerPoint PPT Presentation

Keith Hazelton

• U. of Wisconsin-Madison

Internet2 MACE VAMP, Utrecht 6 September 2012

CIFER

Community Identity Framework for Education and Research

• A developing practice of coordination across existing projects in

Kuali, Internet2, Jasig and elsewhere

• …with the goal of making radical improvements in higher

education Identity and Access Management (IAM) capability, ease of integration, and affordability

• A sponsor and coordinator of new development—but only

where it has to be

• An alternative business model for higher education IAM
• NOT Yet Another Open Source Software Development

Organization

2

What is CIFER, really?

CIFER Timeline

3

Workstream Year 1 Year 2 Registries OpenRegistry PSU CPR)

• Person Registry v1.0
• Identity Match v1.0
• Guest management
• On-going

enhancement Provisioning & Integration Grouper KIM

• System of Record (SoR)

to Registry & Registry to Consumer Toolkits

• Connectors to select

Consumer systems (email, LMS, library)

• Community-contributed

System of Record (SoR) to Registry connectors

• Dev. tool plug-ins to

accelerate integration

• More SoR and

Consumer connectors

• Business rules &

engine for automated ID & affiliation life- cycle management

CIFER Timeline

4

Workstream Year 1 Year 2 Access Management Grouper KIM, KEW

• Expand integration

between Grouper & Kuali Identity Management

• Refine KIM service

interfaces

• Workflow-based

permission mgmt. in Grouper, using Kuali Enterprise Workflow

• Business rules & engine

for access policy enforcement Authentication

• Password

Management v1.0

• Social IdP support
• AuthN for mobile apps
• Multiple Levels of

Assurance Shared Services

• Management

console beta

• Instrumentation API
• Management console

v1.0

• Reporting v1.0

• 1) There are many strategies or models
• Each one is appropriate to some set of facts on the

ground

• Event-driven messaging (the ideal, conceptually)
• Change-log processing
• Periodic diffs
• SO, CIFER should produce a Book of P&I

Recipes:

• Common dishes
• Common ingredients
• With optional substitutions

5

Late-night Epiphanies re P&I

• 2) As always, the right tool/utensil makes the

job easier

• SO, CIFER should identify good, useful tools (or create

them IFF necessary)

• Describe their uses

6

Late-night Epiphanies re P&I

• 3) Show is always better than tell
• SO, CIFER should actually bake a cake, sauté some

morels or cook a goose (or not)

• More “Sample Solutions”
• Less “Reference Implementations”

7

Late-night Epiphanies re P&I

• A Recipe Book
• Toolkits
• Sample Solutions
• CIFER can’t do it for you (no one can)
• But CIFER CAN, maybe, help you succeed at DIY

8

CIFER Provisioning and Integration

9

10

11

12

CIFER Development and Sustainability

• Lots of work. Where will the resources come

from?

• Direct investment (people and funding) by I2 and Kuali
• In existing (where possible) or new (where necessary)

projects

• With a significant fraction coming from institutional

contributions

• Targeted to crucial gaps—Identity Registries at Berkeley, Penn State
• Or seconding local talent to the work
• Or direct contributions to a development funding pool
• And with a defined model for long-term sustainability
• Campus annual subscription model
• Commercial partners (e.g., Unicon) who contribute back a share of

revenues from service contracts

13

CIFER Development and Sustainability

• The goal: Comprehensive IAM solutions
• by the education and research community
• for the education and research community

14

For More Information http://ciferproject.org

CIFER

Community Identity Framework for Education and Research