Skip to end of metadata
Go to start of metadata

TIER-Data Structures and APIs Working Group Home


Future Calls: Chose the one (Wed. or Fri.) that works best for your schedule and time zone):


Wednesday, 15 November 2017, at 3 pm Eastern, Noon Pacific, 8 pm UTC

Friday, 17 November, 2017, at 10 am Eastern, 7 am Pacific, 3 pm London, 4 pm Amsterdam


Agenda and Collaborative scribing notes starting April 19, 2017 are here:

Attendees are encouraged to participate in live-scribing the meetings on the above Google doc

Older scribing notes:,

Email List: 

  – To subscribe, browse to  

Working Group Chair: Keith Hazelton, University of Wisconsin

Charter for Data Structures and APIs Working Group

TIER Timeline and Deliverables for TechEx 2017



TIER Vision and Overview

  • Help education and research organizations solve the Identity and Access Management (IAM) challenges they encounter 

    • By providing open source implementations of key IAM capabilities and assuring their long-term sustainability

    • By standardizing 

      • How applications (whether local, federated or SaaS)  integrate with IAM infrastructure 

      • How existing institutional IAM infrastructure can  interoperate with TIER components to provide a full IAM service suite

TIER Entity Registry and Data Structures and APIs Working Groups

  • The TIER Entity Registry Working Group and the TIER Data Structures and APIs Working Group share the following key goals

    • To define integration and interoperability strategies and models

    • To help charter development projects that address specific gaps in existing open source IAM packages

    • To develop a comprehensive functional model of IAM

    • To define and adopt specifications for the resource schema and interfaces needed to deliver identity and access management (IAM) services

      • Between the various TIER IAM components
      • Between TIER components and the rest of the institutional IT landscape, both on premise and in the cloud
    • Provide guidance on building IAM infrastructure and processes that accord with the TIER model

Standards, Tools and Guidelines set out in TIER Release 1

  • Expose IAM capabilities at RESTful endpoints
    • ...Where it makes sense:  LDAP, SAML, etc. still have their well-earned place, TIER will take full advantage of such common protocols and interfaces. OAuth 2, OpenID Connect and UMA are also coming into play.
    • REST-ness in the TIER context means:  HTTP verbs operate on Resources (groups, users,....); RPCish idioms should only be used when nothing else will do what needs to be done.
    • The model for interoperating with existing institutional IAM services is to provide the TIER components with connectors that know how to interact with both back end legacy systems as well as the growing number of contracted-out SaaS and PaaS services
    • An API-first design helps us achieve and maintain a level of abstraction from specific implementation choices. This gives TIER adopter sites the option to wrap their favorite legacy IAM service in a TIER API knowing that it will integrate well with other TIER or TIER-compliant packages.
  • Adopt the many useful conventions specified in the new IETF standard,  SCIM 2.0 ,
    • around the design choices that would otherwise tend to provoke endless working group debates on matters such as pagination, metadata schema, data formats, etc.
    • the choice to leverage SCIM, as much as anything else, made the decision to support  JSON easier.  Support for XML can be provided if and where it's needed.

API Specifications: 

  • The canonical specification language for   HTTP-oriented APIs in TIER is  Swagger 2.0
  • Why Swagger and not  RAML  or API Blueprint? (see this recent comparison on dzone)
    • In the move from version 1 to version 2, Swagger incorporated a lot of RAML's best features (around reusable definitions, etc.)
    • Swagger 2 has been adopted as the basis for further development by the industry-launched  Open API Initiative (, more on github here) and that should strengthen the already thriving Swagger developer and adopter community


Key Deliverables from TIER Release 1

TIER Standards and Guidelines

TIER API: Basic Group Management Operations

TIER API: Basic Person Management Operations

Instrumenting and Monitoring TIER Components

Narrative Form: Deliverables in the WG Charter

By April 2016

  • Publish and promote the adoption of a first-round set of conventions for API and data structure design. The goal is to inform and hopefully influence API development for Release 1.0 Grouper and COmanage components.
  • Pair the basic group and membership management APIs with an event-driven messaging approach to the same functionality. Clarify the circumstances that favor one approach over the other.
  • Assess possible models for APIs and data structures around consent.
  • Document the first round requirements for administering and monitoring IAM infrastructure and specify the kinds of instrumentation needed in each component to support administration and monitoring. 

Other resources



See Also:

  • No labels
Page: Alternative Proposals on the Relationship Between TIER and SCIM APIs and Schema Page: API Client Authentication via OAuth Page: APIs and Schema--The Relationship Between TIER and SCIM Page: Backbone Usage Scenario Demonstration Using MidPoint as Entity Registry Page: BTAA and TIER Collaboration on Provisioning and De-Provisioning Page: Client / Service API Authentication Page: Consultation for TIER Grouper Deployment Guide Page: Deliverables for TechEx 2016 Page: Entity Registry Working Group Page: Group Management APIs and Operations Page: Group Management APIs and Resources Sub-group Page: IAM Functional Model Overview Page: Ignoring Unrecognized Schema Fragments in a Received Resource Representation Page: Initial Set of TIER Group Management APIs Page: Install RabbitMQ on Mac OS X and test with simplest possible messaging app Page: Instrumenting and Monitoring TIER Components--First Steps in a Long Journey Page: layout test Page: midPoint Logging Page: OAuth / OIDC Study Group Page: Overview of the APIs and Data Structures and the Entity Registry Working Groups Page: Reference Architecture Recommendations for Groups and Folders Page: SCIM Schema Extension Mechanism and TIER Page: Standards and Guidelines for Event Messaging in TIER Page: Team members as stakeholder representatives Page: The TIER Reference Architecture (RA) Page: TIER API: Basic Person Management Operations Page: TIER API Authentication in a Federated World Page: TIER API Security Guidelines Page: TIER API Security Task Force Charter Page: TIER Data Structures and APIs Working Group Charter Page: TIER Standards and Guidelines Page: TIER Timeline and Deliverables for TechEx 2017