
Email message to EDUCAUSE IdM list, to be forwarded and repurposed as needed for other audiences:

Subject:  Collaboration on open-source IAM software

Folks on the EDUCAUSE IdM list may have heard rumors about discussions regarding ambitious plans for building out new capabilities in open-source IAM products for higher education and research.  Discussions have indeed been happening; those of us involved figure that now is a good time to let the community know what's going on and what we intend to happen next.

This note is the short version.  For more of the story go to https://spaces.at.internet2.edu/osidm4he/ .

There are three primary motivations that led to these discussions:  (1) new requirements on campus IAM systems, including new populations, cloud integration, assurance, compliance, privacy, federation, etc.;  (2) dissatisfaction of many campuses with current commercial IAM products; (3) new requirements on Kuali Rice, from the major Kuali applications and other sources, motivating more "enterprise" capabilities for the Kuali Identity Management (KIM) component of Rice.  Regular readers of the EDUCAUSE IdM list will be familiar with many of these drivers.

A small group met at the colocated Jasig / InCommon ACAMP meetings in Denver in May 2011 and determined that there was interest from several organizations in working further.  The next step was a workshop last week in Chicago to further build consensus and analyze the problem space.  15 people, representing the Kuali Foundation, Internet2/InCommon, Jasig, and several universities, met for two days. 

This group first divided the IAM space into functional areas, identifying gaps and overlaps in the current HE open-source product scene.  It then zeroed in on the three key elements – identity registries, provisioning, and access management.  Lastly, subgroups were chartered to dive deeply into the requirements in each of these areas and to report on recommendations to align current efforts and propose initiatives to fill existing gaps. A fourth subgroup was chartered with developing the organizational and branding structure needed to oversee the initiative. Charged to report back by mid-September, these subgroups will create well-defined proposals to submit to constituent organizations and universities for resourcing.

We know that many people are likely to be interested in this activity, and want to follow it more closely or even participate.  But for now, it remains invitation-only while the core group plans the next steps.  At this time it is just a planning activity; progress on actually building things is subject to investment decisions from many organizations.

If you have questions you can contact the group at osidm4he-info@internet2.edu .


OSIdM4HE wiki page:

OSIdM4HE activity

Summary:  Participants from a number of organizations have been collaborating on creating a coherent set of open-source Identity and Access Management (IAM) software packages to meet the needs of Higher Education and Research.  The activity arose in response to concerns raised by many institutions that current products, both open-source and commercial, are not meeting their IAM needs effectively and affordably.  15 people met on August 9-10 in Chicago to pursue this idea.  The workshop resulted in a clearer understanding of the current state of affairs and commitments from all participants to work intensively on further defining a specific set of development and collaboration activities leading quickly to well-defined, fundable projects.  Next-phase reports are due by mid-September 2011.  For now the activity remains invitation-only.

The longer story:

If you've followed the research and higher-education (R&HE) IT scene in recent years you know that there is a lot of concern about the state of institutional Identity and Access Management (IAM) systems.

New requirements:

  • new populations, new relationships
  • more systems to do AM on, more enterprise risks
  • outsourcing, cloud services
  • federation, social identities
  • assurance, lifecycle
  • enterprise enablement:  service orientation, workflow, event-driven, notification

There are some fine existing open-source software packages, but most serve only elements of the overall system:  CAS, Shib, SSP, Grouper.  Others are promising but not yet ready:  OR.  KIM covers many aspects of the IAM space but is not yet intended to be enterprise-scale.

Commercial products have been deployed, but some popular ones have changed their spots recently, making many sites unhappy.  They remain expensive, often monolithic, and hard to integrate.

New opportunities:

  • Discussions at ACAMP 2010, again in 2011
  • Some large univ systems looking at system-wide reqs, purchases
  • Kuali looking at KIM buildout due to new app requirements

Punched up version?

Higher Ed Identity and Access Management (IAM) Stack – Pipe Dream or Reality

15 individuals from 12 Universities and 4 Higher Ed Collaboration Associations met for two days in Chicago, August 9-10, to decide just that. The result – A Higher Ed Identity Management stack could be a reality with added coordination to align current efforts and structured projects to fill in the current gaps.

The group first chunked the Identity management space into 7 distinct functional areas, identifying gaps and overlaps. It then zeroed in on the three key ones – identity registry, provisioning, and access management. On the final day they chartered three technology subcommittees to investigate and dive deeply into the higher ed offerings in each of these areas and to report back on a strategy to align these current efforts and propose initiatives to build out any existing gaps. A third subcommittee was chartered with developing the organizational and branding structure needed to oversee the initiatives. Expected to report back in one month, September 16, these subcommittees will reconvene with hard proposals to constituent universities for resourcing.

The summit was initiated because of concerns raised by many institutions that current products, both open-source and commercial, are not meeting Identity and Access Management (IAM) needs effectively and affordably.

If you are interested in learning more please contact .... but for now the activity remains invitation-only.

The current participants are..
