The best approach to building an identity infrastructure that is scalable and maintainable over time without product lock-in may be to use a loosely coupled, modular architecture. In this approach, individual identity components (such as authentication services, authorization services, registries, and directories), as well as their upstream and downstream systems (systems of record, provisioned services), talk to each other over open, standardized APIs rather than via proprietary mechanisms. While some standards do exist in this space, including SAML and LDAP, there are many gaps.

The CIFER (Community Identity Framework for Education and Research) API project is a cross-community effort to define APIs for identity services, specific to the Research and Education (R&E) sector. Participants from the Apereo, Internet2/InCommon, and Kuali communities have been working together, with particular interest in developing APIs for

• Moving data into and out of identity registries
• Invoking identity match services
• Complex authorization
• Account and credential management

In addition, the project is developing a core schema, intended to support a standard representation of the common attributes used within identity management for R&E.

This presentation will examine use cases driving the project, and report on the effort to date to meet these use cases, including a discussion of the design criteria. The core data schema will be reviewed. Select APIs (around registry integration) will be presented and placed in the context of other API work (such as SCIM). Attendees will come away with an understanding of the work to date, how they may be able to leverage it to help provide solutions to their campuses and organizations, and how they may be able to help contribute to the work.


