Published by Kelli Calaway. Modified over 9 years ago.
1
TIER: Quick Preview
STEVEN ZOPPI, AVP, NET+ Services Integration and Architecture
14 MAY 2014 / NOTRE DAME [CSG]
2
TIER Objective
Build upon all of the great work the community has already done!
–This is a systems integration problem first, then an invention problem thereafter …
–Extend what works: e.g. NMI-EDIT
Taking into consideration all of the landscape that Ken K presented earlier – but delivering iteratively, at a regular cadence
3
Begin With the End In Mind
Start With a Sandbox
Show What Works
Evolve Over Time
–Thanks to Keith Hazelton, Jim Jokl, Michael Gettes, Nate Klingenstein, Bill Yock
Reference Architecture
Canonical Implementation
4
What’s the problem again?
To Enable The Community to Consume and Integrate with Cloud Services Most Efficiently
Mandate: Emergence of Viable and Varied Cloud Services + Increasing Geographic Diversity of Research and Education
–It’s no longer just about who you are – it’s about the spheres of influence in which you operate combined with the means to find the resources necessary to do research, education, collaboration – and do these things in scalable, elastic, and manageable ways.
5
Balanced Scorecard of Control
Individual
Enterprise
Community
Virtual Organization
Individual Identity is the sum of all MetaData known by all affiliates.
6
*By the way …
Most service providers are not clueful about identity
Most service providers do not understand groups
–Within Enterprise
–Across Enterprises
Must be achieved at GLOBAL SCALE across Enterprises while maintaining MetaData/Attribute control at the Enterprise
It will be a multi-year effort
Must enable smooth migration or implementation over time
Must support management of one’s own identity and have the ability for discretionary MetaData/Attribute Release
7
Encapsulate and Empower SPs
Provide a series of services end-points to which the candidate SPs will connect.
Provide services which augment or replace SP-AUTHN or AUTHZ “machinery” with those provided by TIER.
Enable
–Faster Integration
–Greater Flexibility
–Greater Value to the Community and the SP
8
Challenges
The core needs are for AuthN and AuthZ for Interrealm Use
A wide assortment of open source software has been developed by the community to address parts of those needs.
–Excellent, Inconsistent, Non-Interoperable, Hard to Sustain / Maintain, Still has significant gaps.
Lacking a common approach has led to a proliferation of approaches.
9
Requirements
Scalable, Multi-Enterprise, Resilient Solution
Rationalized and Accessible API and Grammar
Federation-Enabled
Extensible
–Plug-in Architecture
Support for Matrices within/without Organizations
Support for Institutional, Statutory and Regulatory Constraint in the Semantic Layers for AuthZ
The definitive source of Scholarly Identity and Affiliation across Virtual Organizations … In The Cloud
10
Generalized Design
Terminology: “Façade” design pattern (Software Engineering)
“A Façade provides a unified interface to a set of interfaces in a subsystem. Façade defines a higher-level interface that makes the subsystem easier to use. Wrap a complicated subsystem with a simpler interface.”
11
The TIER Façade Acts Like A Broker
API Interface
Handler “A”
Handler “B”
Handler “C”
Routing Decisions
Decision making for which subsystem receives the target request remains within the enterprise.
Contained Within the Enterprise
Cloud-Based Service
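The broker arrangement on this slide, sketched as an added Python example (not code from the presentation or from TIER): one façade entry point dispatches to handlers "A", "B" and "C" using a routing table and an attribute-release policy that the enterprise owns. Every name, the sample directory and the SP identifier are hypothetical and constructed for illustration.

```python
# Added illustration; all names are hypothetical, none is a TIER API.
from dataclasses import dataclass

# Constructed sample directory, held by the enterprise.
DIRECTORY = {
    "alice": {"mail": "alice@example.edu", "affiliation": "faculty",
              "groups": {"physics-lab"}, "ssn": "constructed-secret"},
}

def handler_a(req):
    """Handler "A": is the subject known to the enterprise?"""
    return {"known": req.get("subject") in DIRECTORY}

def handler_b(req):
    """Handler "B": group membership, an input to AuthZ."""
    person = DIRECTORY.get(req.get("subject"), {})
    return {"member": req.get("group") in person.get("groups", set())}

def handler_c(req, release):
    """Handler "C": attribute release, filtered per service provider."""
    person = DIRECTORY.get(req.get("subject"), {})
    allowed = release.get(req.get("sp"), set())  # unknown SP gets nothing
    return {k: v for k, v in person.items() if k in allowed}

@dataclass
class EnterprisePolicy:
    """Owned and edited by the enterprise, not by the cloud-side facade."""
    routes: dict   # operation name -> handler name
    release: dict  # SP identifier -> attribute names it may receive

class Facade:
    """Single interface for SPs; routing decisions come from the policy."""
    def __init__(self, policy):
        self.policy = policy
        self.handlers = {
            "A": handler_a,
            "B": handler_b,
            "C": lambda r: handler_c(r, self.policy.release),
        }

    def call(self, req):
        name = self.policy.routes.get(req.get("op"))
        if name not in self.handlers:  # default deny for unrouted operations
            return {"error": "no route"}
        return self.handlers[name](req)

POLICY = EnterprisePolicy(
    routes={"whois": "A", "in_group": "B", "attributes": "C"},
    release={"sp.example.org": {"mail", "affiliation"}},
)
facade = Facade(POLICY)
```

Removing an entry from `POLICY.routes` or `POLICY.release` changes what the façade will do without touching the façade itself, which is the control split the slide describes.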
12
Internet2 Middleware: Proposed Unified Model
Secure Directory, Identity and Metadata Services
Single Signon and Identity Components
AuthN (Who)
Multi Factor
Multi-Level (Groups)
AuthZ (What)
Business Rules Engine / Grammar
Federated Registry (Directory Search / Lookup)
Network Objects (Files, Datasets, etc.)
People
Files / Datasets
Nodes
Metadata Registry Services
Persistence and Replication
Lightweight Workflow Services
Automated Provisioning / Deprovisioning and Rules Enforcement