Identity and access management –a project from the US



Michelle Griffiths
ITS Project Manager
IT Services
University of Oxford
Member of UCISA-PCMG

Looking at TIER

This Educause session Trust and Identity in Education and Research: Identity for Everyone  was run by Ron Kraemer (Vice President and Chief Information and Digital Officer, University of Notre Dame), Kevin Morooney (Vice Provost for Information Technology-CIO, The Pennsylvania State University), Ann West (AVP, Trust and Identity, Internet2 ) and Steven Zoppi (Vice President, Internet2). Internet2’s  Trust and Identity in Education and Research (TIER) initiative  will provide a common framework for campus identity and access management (IAM) components.

An overview of the TIER project

  • TIER will provide a set of integrated components that address IAM as a whole.
  • 500 US HE institutions are involved.
  • Primary users: medical students, researchers, faculty staff and students.
  • TIER will address community requirements across components, and sustain components that were developed together.
  • During the next few years the project will focus on maturity and sustainability models for workforce and funding.

The TIER vision was outlined for the Educause audience:

  • “We believe identity will be a service.”
  • “We believe in a cloud service with campus localization.”
  • “We believe that if we don’t develop it, then we will have to accept that someone else has (social identities).”
  • “Effective collaboration with partners will be key (includes federated agencies).”
  • “We know we are at least three to five years from achieving this vision.”
  • “We will build frameworks and tools to make it simpler for ourselves.”

Components of TIER

  • Secure directories
  • Identity and metadata services
  • Single sign-on and identity components
  • Registry services
  • Workflow services
  • AuthN (who) & AuthZ (What)
  • Federated registry (Directory Search/lookup)
  • Persistence and reputation

The TIER project is moving from investor to sustainable models (financials and governance) via the TCIC – Tier Community Investor Council. Fifty campuses invested $75,000 each over three years ($4 million in total which includes funding provided by TIER themselves).  There is also programme support for community – Anne West (AUP trust and Identity), technology – Steve Zoppi (AUP services integration and architecture) and sustainability (community engagement and membership).

The first integrated release is scheduled for 2106.  There will be minimal installation/configuration of user interfaces, and the preliminary requirements will be set for scalable content.  The objective is point in time consistency.

Partners involved: Shibboleth, Grouper and COmanage 

The primary focus for the first release is: container/packaging, APIs, continuous update cycles every eight months, 250 user stories driving requirements, documentation and the Initial deployment.


  • MOU management community forum
  • Financial timetabling and reporting
  • Technical requirements revision
  • Working groups
  • First two corporate partners – Unicon (for Shibboleth and Grouper) and Spherical Cow Group (for COmanage)

The work is sponsored by the community, who are responsible for the for HE standards and by Internet2 who is responsible for industry approaches.


  • Several key working groups are formed or are forming including 3M (monitoring, measuring & managing)
  • Continuous meaningful feedback (how the community is utilising the components everywhere)
  • Community adoption – working group needed
  • Emerging community contributors

Leave a Reply

Your e-mail address will not be published. Required fields are marked *