| ID | ThemeType | Category | Requirement |
|---|---|---|---|
| 1 | Solution | Auditing Monitoring and Management | Logging and all other forms of application instrumentation for policy and performance monitoring and management must be rigorously implemented within all components of the solution. |
| 2 | Solution | Community Documentation and Interaction | Solution must enable the sharing of a common documentation repository as well as a place for school practitioners and service providers to go to find useful instructions, standards, practices and guidelines for building end-to-end services based on TIER c |
| 3 | Solution | Community Documentation and Interaction | Solution extensions must be available in the form of a Marketplace or some other suitable means of presenting a catalog of available functionality, contributed by the community, for utilization by others. |
| 4 | Solution | De/Provisioning | Events (such as admission, enrollment, new hire, etc.) must trigger lifecycle stage transitions, role changes, affiliation changes, etc. Those can then cause other events such as service eligibility. Lifecycle changes or affiliations all precipitate a n |
| 5 | Solution | De/Provisioning | The solution must support high-level workflows between "states" (states-of-being). Note: This is a higher level of activity, such as "Adding", "Updating" or "Removing" a "Person" or other entity causing a cascade of activities at the same level in other servi |
| 6 | Solution | De/Provisioning | The solution must anticipate the possibility of conflicting roles in the case of multiple affiliations when exposing Role information to Service Providers so they may adjudicate access, authorization, etc. |
| 7 | Solution | De/Provisioning | The solutions must take into consideration that conflicting grants of authority, e.g., one source indicating a grant of access and another a denial of access, must be resolvable according to the needs of each application or service context. |
| 8 | Solution | De/Provisioning | The solutions must enable individuals to have multiple roles/affiliations/relationships/whatever with the institution, each with its own lifecycle and overlapping set of access privileges needed to undertake each role. Statefulness (persistence and preser |
| 9 | Solution | Federation and Inter-Federation | Inter-Federation and Federation needs must be held high in consideration when building core solutions and artifacts related to TIER. |
| 10 | Solution | Interoperability | The Solution should provide “other technology” interfaces to facilitate operation with non-NET+ solutions (campus ERP, non-NET+ vendors, etc.), e.g., OAuth, SCIM, etc. |
| 11 | Solution | Interoperability | Pre-built connectors for the most common systems of record must be in the “core” TIER release. |
| 12 | Solution | Interoperability | A mechanism to augment the catalog of Core Connectors must be provided to the community for inter-institutional sharing and implementation. |
| 13 | Solution | Interoperability | An extensible Publish/Subscribe mechanism must be supported to enable near-real-time communication between dependent systems of record. |
| 14 | Solution | Interoperability | Keep CommonAPP in consideration when building connectors to TIER components. |
| 15 | Solution | Interoperability | Authentication beyond web-only (e.g. ECP and CLI protocols) must be enabled for Research/Collaborative computing. |
| 16 | Solution | Interoperability | The solution must enable smooth runtime integration / mapping between SAML and OpenID/OAuth protected services. |
| 17 | Solution | Levels of Assurance (LoA)/MFA (Quality of Identity and Identification) | The ability to promote and demote the Levels of Assurance of an identity over time should be implemented in the component suite. For example, having a higher Level of Assurance while a student, then lower (social?) when an alumnus, and later higher again as a grad student or employee are the representative scenarios. |
| 18 | Solution | Levels of Assurance (LoA)/MFA (Quality of Identity and Identification) | Flexible Multi-Factor Authentication in Single Sign-On should be enabled by default, with the ability to require Multi-Factor Authentication per Service Provider and/or per individual. |
| 19 | Solution | Person Registry/Provisioning | De-Duplication must be a part of the Person Registry Service (Directory). |
| 20 | Solution | Person Registry/Provisioning | Identity Matching Logic must be a part of the Person Registry Service (Directory). |
| 21 | Solution | Person Registry/Provisioning | Institutionally Defined Metadata must be enabled in the Cloud-Based solution as well as the on-Premise solution. |
| 22 | Solution | Person Registry/Provisioning | Individuals must be able to support the association of various organization-external "identities" with their own identity. (Context: Self-Service) |
| 23 | Solution | Person Registry/Provisioning | Once instantiated, identifiers must persist, and at least one must extend beyond a lifetime (indefinitely), i.e. it must never be reused and must never be deleted once created. |
| 24 | Solution | Person Registry/Provisioning | The person registry service must have an attribute for the level of assurance associated with each linked account. |
| 25 | Solution | Person Registry/Provisioning/IdP Attribute Release | The solution must provide a fine-grained ability to present a selected set or subset of attributes to a selected set of systems. |
| 26 | Solution | Person Registry/Provisioning | The solution may enable users to be in control of their personal data stores such that when relying parties request access to those data, users have fine-grained controls over what pieces of personal data are shared with such parties. |
| 27 | Solution | Standards and Enforcement | The program must assert and enforce: Datagram Standards |
| 28 | Solution | Standards and Enforcement | The program must assert and enforce: Policy Standards |
| 29 | Solution | Standards and Enforcement | The program must assert and enforce: Terminology Standards (example: RFC Level of Definition or Distinction for TIER) |
| 30 | Solution | Standards and Enforcement | The program must assert and enforce: Persistence (storage of data) standards |
| 31 | Solution | Standards and Enforcement | The program must assert and enforce: Published / Stable APIs for ALL core components. |
| 32 | Solution | Standards and Enforcement | Implementation, integration with and adoption of Community or Commercial Services which have adopted TIER program standards should be “trivial” to implement from a school’s perspective, as long as the school has implemented TIER and used the TIER defaults (aspirational statement). |
| 33 | Solution | Research Organization Support | COmanage-like functionality must be included in the solution as a proper starting administration point for Research Organizations (Virtual Organizations). The ability to construct a Research Organization user interface through open APIs to create purpose-specific implementations is a goal. |
| 34 | Solution | Research Organization Support | Authorization infrastructure must be constructed (or made available) that can be consumed by applications across both internal and external identities and services. |
| 35 | Solution | Service Providers and Third-Parties | The program and related solutions must enable the service owners of federation-facing campus services to directly manage the controls and access by external identities, such that service owners won't need campus federation gurus to manage their services. |
| 36 | Solution | User Interface/User Experience (UI/UX) | An end-user Identity Console must be instantiated with the ability to update personally-owned attributes (e.g., names, numbers, some addresses, preferences, etc.) and be confident that the data will be reliably propagated to relying party systems (e.g., ERPs, directories, etc.). |
| 37 | Solution | User Interface/User Experience (UI/UX) | User Interfaces must be created to ease the installation, implementation, administration and use of the most common tasks for all components. (e.g. the lack of a User Interface should be a “fail” criterion for any critical feature or function.) |
| 38 | Solution | User Interface/User Experience (UI/UX) | Password Reset capabilities must be standardized upon and deployed in the out-of-the-box solutions, with sufficient flexibility to meet institutional business practices. (Probably need to talk through the non-password self-service interface - See line 43) |
| 39 | Solution | User Interface/User Experience (UI/UX) | A Person may have multiple personas that an organization may require them to “act in the role of”. An easy way of switching personas should be constructed as a part of the final solution. |
| 40 | Solution | User Interface/User Experience (UI/UX) | “Constituent focused,” self-service interfaces must be included in the final solutions that dynamically and simply express what each constituent is authorized to manage about their own or others’ attributes and access privileges. Key such constituencies: administrators supporting on-boarding processes, unit and group managers/leads managing access to their groups’ resources, service owners managing characteristics of federation access to their services, and individuals managing their credentials and privacy of their attributes. |
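As an added illustration of requirements 6 to 8 (example code, not part of the TIER program or this requirements list), the following Python models a person with several affiliations, each with its own lifecycle state, exposes only the live roles to a Service Provider, and resolves conflicting grant/deny decisions under a combining policy chosen per service context. The role names, source systems, service names and the two policy names are assumptions constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(str, Enum):
    PERMIT = "permit"
    DENY = "deny"


@dataclass(frozen=True)
class Affiliation:
    role: str     # e.g. "student", "employee", "alumni" (constructed names)
    source: str   # system of record asserting the affiliation (constructed)
    active: bool  # lifecycle state: only active affiliations are exposed


@dataclass(frozen=True)
class Grant:
    role: str
    service: str
    decision: Decision


def active_roles(affiliations):
    """Roles a Service Provider should see: only those with a live lifecycle."""
    return sorted({a.role for a in affiliations if a.active})


def resolve(affiliations, grants, service, policy):
    """Combine conflicting grants for one service under that service's own
    policy: "deny-overrides" (any DENY wins) or "permit-overrides" (any
    PERMIT wins). No applicable grant at all means DENY (closed by default)."""
    roles = set(active_roles(affiliations))
    applicable = [g.decision for g in grants if g.service == service and g.role in roles]
    if not applicable:
        return Decision.DENY
    if policy == "deny-overrides":
        return Decision.DENY if Decision.DENY in applicable else Decision.PERMIT
    if policy == "permit-overrides":
        return Decision.PERMIT if Decision.PERMIT in applicable else Decision.DENY
    raise ValueError(f"unknown combining policy: {policy}")


# Constructed sample: one person who is a student and an employee at once.
PERSON = [Affiliation("student", "sis", True), Affiliation("employee", "hr", True),
          Affiliation("alumni", "advancement", False)]  # alumni lifecycle not yet active
GRANTS = [Grant("student", "library", Decision.PERMIT), Grant("employee", "library", Decision.PERMIT),
          Grant("student", "hr-portal", Decision.DENY),  # students may not see HR data
          Grant("employee", "hr-portal", Decision.PERMIT), Grant("alumni", "hr-portal", Decision.PERMIT)]
```

The same person is denied the HR portal under a deny-overrides service and permitted under a permit-overrides one, which is exactly the per-context adjudication requirement 7 asks for; the inactive alumni affiliation never contributes a decision.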