Welcome to CAMP 2020 - November 16-17, 2020 - Virtual

What is CAMP? The acronym means Campus Architecture and Middleware Planning. CAMP has come to mean the series of track sessions that include case studies, organizations’ innovations in identity management, best practices, and other presentations that help move the community forward.

Looking for the 2020 Advance CAMP agenda and notes?

Pricing information (includes all five days of programming)

InCommon Participants and Internet2 Members$275
International Constituents$275
All Others$375

Monday, November 16, 2020

Note - there are three tracks – keep on scrolling to the right, also you have to login to Canvas in order to get links to the set

(All times U.S. Eastern Standard Time)

TimeTrack 1 Session TitleTrack 1 Session AbstractTrack 2 Session TitleTrack 2 Session AbstractTrack 3 Session TitleTrack 3 Session Abstract
9:30 - 10:30CAMP Opening and Plenary: Community Development in a Zoom World
10:30 - 10:45 amBreak
10:45 - 11:35 am

Federating with the NIH

The National Institutes of Health and the National Institute of Allergy and Infectious Diseases will discuss collaboration readiness and new requirements from NIH service providers, including meeting the Research & Scholarship program requirements and implementing multi-factor authentication.

eduroam Best PracticesThere is a new eduroam Advisory Committee and a new effort to streamline the providing of eduroam to K-12, libraries, and museums. This session will also discuss recent community input on the eduroam service in the U.S.

11:35 am - 12:30 pm

Break and BoF (Birds of a Feather): Take a break or join a BoF

  • BoF: COmanage
  • BoF: COVID-19 Impact
12:30 - 1:20 pm

In the User we Trust

In Identity Federations we trust the home organisations having good enough procedures on user enrollment and unique identifiers. Some services need to know the result of these procedures and for this we use the community standard REFEDS Assurance Framework (RAF). Identity Providers can self-declare the trust indicators of the procedures in the attribute assertion to the Service Provider.

Traditionally, besides the identity part, we have not cared about the quality of user authentications, but there are nowadays services that need to have a higher level of certainty that it is the same user logging in every time. One way to achieve this is by using multi-factor login, which is being signaled from the Identity Provider to the Service Provider via the community standard REFEDS Multi Factor Authentication Profile (MFA).

In this session we’ll cover the basics of the REFEDS Assurance Framework and the REFEDS Multi Factor Authentication Profile (MFA) to go beyond the Baseline Expectations and continue increasing the level of trust in identity federations.

How university CIOs make the case for investment in the Federation and IAM

How does a CIO justify investment in the InCommon Federation and IAM? What benefits, aspects, transformations, and impacts are most important to them, and to other university stakeholders? We bring together a panel of university CIOs to answer these questions.

By understanding the needs and perceptions of other university and community stakeholders around IAM, we in the community can better understand where our work is most valued, or where it could be better directed.

Provisioning and De-provisioning Zoom

In one part of this session, we'll hear about HIPAA compliance concerns that required the University of Minnesota to have separate Zoom instances for faculty, students and staff in its large health care  component. Speakers will discuss using  Grouper to provision to LDAP for use by the Shibboleth Identity Provider.

Also in this session, Exclamation Labs will describe a process used to develop a connector between Zoom and midPoint, and demonstrate de-provisioning for Zoom accounts– a process that until now has been a primarily manual workflow.
the higher education environment.

1:20 - 1:30 pmBreak
1:30 - 2:20 pm

When Federated Identity Became a Cornerstone for Education: FIM in Scholarly Publishing and Libraries

SeamlessAccess, a service that enables an improved identity provider discover service in a federated identity management workflow, started its rollout just as COVID-19 began to impact our world. What was anticipated as a “soft launch” suddenly saw a new level of urgency in the scholarly communications world to enable federated identity to access scholarly content.

In this session, Heather Flanagan will offer insight into how SeamlessAccess has evolved since its launch in 2019. Ralph Youngen (American Chemical Society) will report on one publisher’s perspective of how FIM access models have significantly changed in 2020. Emily Singley of Boston College will report on her observations from a library’s perspective on how FIM has impacted patron usage patterns. The session will conclude with a Q&A.

Shibboleth 2020 Review and Future Roadmap

The Shibboleth Consortium will provide a brief "State of the Consortium" review and the Shibboleth Project will outline 2020 accomplishments and the software roadmap for 2021 and beyond. A related topic will include the future sustainability of the Service Provider software and the convening of a discussion about its future direction.

Collaborating Your Way to Success: the InCommon Collaboration Success Program and the Trusted Access Platform

Does your organization need better identity and access management solutions? The Collaboration Success Program might be just what you need to get you moving in the right direction. InCommon's third collaboration cohort is just getting started. The Collaboration Success Program involves organizations working together to solve common identity management challenges. A mix of participants from the past two CSP cohorts and the new group just ramping up will share their experiences and expectations of the CSP, and the problems they have addressed.

Tuesday, November 17, 2020

(All times U.S. Eastern Standard Time)

TimeTrack 1 Session TitleTrack 1 Session AbstractTrack 2 Session TitleTrack 2 Session AbstractTrack 3 Session TitleTrack 3 Session Abstract
9:30 - 9:40 amWelcome to Tuesday
9:40 - 10:30 am

Multilateral federations, ADFS, and OIDC

Chris Phillips, of the Canadian Access Federation, will discuss ADFSToolkit v2 enhancements and best practices. ADFSToolkit augments and enhances ADFS (on-prem IdP) to connect to R&E multi-lateral trust federations.

Roland Hedberg says "if you have ever considered running an OIDC federation, now may be the time to start planning." With three independent interoperable implementations (Shibboleth, Connect2Id and IdPy) to pick from, you should be ready to go.

Vision for Identity Management in Higher Education (midpoint)

This session will feature an introductory presentation about IdM in general and the vision of the future from the point of view of Evolveum, developer of midPoint. The second half will be a combination of presentation and demonstration of midPoint.

Growing an IAM Team

Over the past few years, the Identity and Access Management team at the University of Minnesota has grown from three to eighteen and counting. Join us as we recount our organizational journey and experience the highs and lows of our evolving structure, which may spark ideas on how your campus team could be organized.
10:30 - 10:45 amBreak
10:45 - 11:35 amWhat Is (and What Will Be) REFEDSNicole Harris and Heather Flanagan will discuss REFEDS, the R&E Federation consortium, and talk about work accomplished in 2020, the global federation survey data, and look into the activities and guidance coming from the REFEDS Working Groups.

Grouper Update


Chris Hyzer (Univ. of Pennsylvania)

Chris Hyzer, lead developer of the Grouper Enterprise Access Management software, will provide a Grouper update, including the newest features and the roadmap for the coming few months.

Designing and Redesigning IAM Deployments


Mark Cox (University of Virginia)

Richard Frovarp (North Dakota State University)

Case studies from the University of Virginia and North Dakota State University. UVa implemented a new system, while NDSU incorporated Grouper and midPoint into their system. Hear about considerations and lessons learned.
11:35 am - 12:30 pm

Break and BoF (Birds of a Feather: Take a Break or Join a BoF

  • BoF: Meet the InCommon Catalysts (Dining Hall)
  • BoF: Integration Platforms in Higher Ed (Lodge)
12:30 - 1:20 pm

The best of both worlds: Federation-ready identity providers in the cloud


Mary McKee (Duke University)

Ethan Kromhaut (Univ. of North Carolina-Chapel Hill)

Institutions interested in outsourcing their IT infrastructure to cloud-based services shouldn't have to choose between operational efficiency and robust federation capabilities.

The Identity Provider as a Service Working Group recently delivered its final report on community needs for cloud-based Identity Provider infrastructure and how InCommon can support providers and customers of these products in getting the most from federation.

This session will cover the Working Group's findings and recommendations, and provide a panel discussion of the findings from some of the working group participants

What’s New with COmanage?


Laura Paglione (Spherical Cow Group)

During 2020, COmanage has released new features, transitioned its training program to online, and refined its community engagement processes. This session will provide information on the latest and greatest that the tool has to offer, as well as what is coming next in the development roadmap. For those just learning about COmanage, there will be a short introduction about the tool including example use cases. We’ll also review details about how to stay informed as things progress over the next year.

Partnerships Between IAM and the Registrar


Keith Wessel (Univ. of Illinois) and others

The campus registrar plays a central role in the plans and policies around management of student data, while the IT organization is the technical agent for those efforts. Collaboration of the two is essential, but the relationship between them involves a lot of teamwork. It requires a common understanding of institutional goals, the capabilities and limits of technology, shared awareness of regulatory requirements, and blending the cultures and language of the two units. This session will bring together pairs of IAM staff and registrar leaders from a variety of campuses to talk about their successes and failures in working together. Topics will include partnering on FERPA management, attribute release and consent/notification, innovative mobile app environments, and student privacy issues such as contact tracing.
1:20 - 1:30 pmBreak
1:30 - 2:20 pm

Baseline Expectations 2021: increased assurance and interoperability

Baseline Expectations for InCommon participants are being enhanced to require TLS for all URLs, SIRFI security incident framework, and IdP error URL. Bring your questions or concerns about implementing the new expectations, or for possible future requirements (perhaps MFA or entity categories such as R&S).

InCommon and trust in digital academic credentials


Ken Klingenstein (Internet2) and others

In the last few years, there has been great interest, and significant development, around the idea of academic digital certifications and badges that capture specific areas of expertise that a learner has acquired. These “mini-degrees” might express fluency in a programming environment, mastery of a lab technique, knowledge of a particular architectural skill, or even competency in a brand of auto repair. These badges have a number of useful features, including their flexible content, machine-readability, portability, verification means, and privacy preserving capabilities. And now, with the advent of new technologies such as distributed ledgers (aka blockchains) and zero knowledge proofs, there are facile ways to technically implement these badges.

For the use of verified credentials for academic badges to actually be deployable at scale requires trust – by issuers, learners and relying parties – in the integrity and security of the assembled infrastructure. InCommon could provide some critical pieces to this puzzle. With its secure business processes and metadata management capabilities, InCommon could house badge key registries, revocation registries, institutional signing keys, etc.

This session will describe the development of digital academic credential world and the potential synergy with InCommon and federated identity.

Lightning TalksWhen you have something to say, but not 50-minutes worth, you do a lightning talk. With or without slides and less than eight minutes.
  • No labels