Program

7:00-4:30 

Registration Open  - Deshier Parlor

7:30-8:30

Continental Breakfast for Pre-meeting Seminar Attendees  - Neil House Parlor

8:30-11:30

The Big Picture: Introduction to Federated Identity Management - Seneca Room

Jacob Farmer, Identity Architect, Indiana University
Ann West, Assistant Director, InCommon

11:30-1:00 

Lunch for Pre-meeting Seminar Attendees  - Neil House Parlor

7:00-4:30 

Registration Open  - Deshier Parlor

1:30- 1:45

Welcome and Introductions  - Grand Ballroom
John Conley, Chief of P-20 Education Technology, Ohio Board of Regents

1:45-2:15

Hot Topics: Setting the Stage  - Grand Ballroom
 
Download the slides from this session [PDF - 3.3MB]

Kicking off the meeting, this session will provide an overview of identity and access management across higher education and a discussion of the current issues and drivers as well as terminology. The speaker will conclude with suggestions of how to make the most out of the CAMP.

Jack Suess, Vice President of Information Technology and Chief Information Officer, University of Maryland-Baltimore County

2:15-3:15

Who is Doing What? Rapid-Topic Deployment and Lightning Round  - Grand Ballroom

Want to find a colleague to share notes with on a sticky issue? Looking for collaborators to test a solution? Have a modest success or spectacular failure to share? CAMP attendees are invited to present short five-minute call to action or project summaries to get things started.
Read the notes from the Lightning Round

Moderator: Mark Beadles, Program Manager, Federated Identity, OARnet

3:15 - 3:30

Break

3:30-5:00

Guest and Affiliate Systems: Do We Need Them Anymore?
Social Identity and Its Impact on Campuses                               - Grand Ballroom

Download the slides from this session

See the IAM Tools and Effective Practices wiki for more information
See the Social Identities Discussion wiki for more information

Enabling collaborators and other guests to use our systems in a scalable and secure way has been a thorny issue since the dawn of time. Some of us have developed separate guest systems, just to manage the access issues. But could social identity approaches like Facebook Connect or OpenId provide a solution? And if these methods are viable, what are the policy, security and management concerns for leveraging a credential provider we don't control? This panel session will provide case studies for various design approaches and discuss their implications on campus policy, practice and technical architecture.

Debbie Bucci, Integration Services, Center for Information Technology, National Institutes of Health
Jimmy Vuccolo, Technical Manager, Identity and Access Management, Penn State
RL "Bob" Morgan, Senior Technology Architect, University of Washington
Moderator: Mark Scheible, MCNC

5:30-7:00

Reception  - Chittenden Foyer
Enjoy your favorite beverage and a bit of cheese and compare notes with your colleagues on your identity management plans. Find out about third-party support options from the InCommon Affiliates.

7:30-4:30 

Registration Open - Deshier Parlor                                    

Registration Open - Deshier Parlor

7:30-8:30

Breakfast  - Neil House Parlor

Breakfast  - Neil House Parlor

8:30-10:00 

IAM: Overview of Working Parts
and Self-Assessment Exercise  - Seneca Room

Download the slides from this session

Download the self-assessment tool [WORD]

Have questions about how the different aspects of Identity and Access Management all fit together (policy, business practices, technical infrastructure)? Ever wonder how your institution compares to others in IAM capabilities?  This session will help you begin to develop a gap analysis of IAM for your institution.

Renee Shuey, Principal Lead, Identity and Access Management, Penn State
Keith Hazelton, Senior IT Architect, University of Wisconsin-Madison

Recommended Federation Practices - Grand Ballroom

See the wiki page on recommended practices
 
Download the slides from this session
 
Managing identity information within a federated environment can be challenging.  Members of the InCommon Technical Advisory Group will share information and experience on best practices for service and identity providers. This session will include discussions on eduPersonTargetedId, the Participant Operational Practices (POP), supported software and SAML 2.0.

Scott Cantor, Senior Systems Developer, Ohio State University
RL "Bob" Morgan, Senior Technology Architect, University of Washington
   

10:00-10:15 

Break

Break

10:15-11:30

IdM Software: Strategies for
Choosing Suites   - Seneca Room

Download the slides from this session

Looking for a vendor product or suite to integrate your Identity and Access Management infrastructure?  Or maybe just some open source tools to use in building or enhancing your own?  This session will help you determine which options are available to you as presenters describe their decision-making process and the products chosen.

Steve Devoti, Senior IT Architect, University of Wisconsin-Madison

Attribute Release: uApprove and Related Approaches and Issues  - Grand Ballroom

Download the slides from this session

Read the notes from the panel discussion (not on the slides)

Identity Providers play an important role in  managing and asserting identity information in a digital information age when it is critical to operate efficiently and securely in an online environment. With increased privacy and security risks, including compliance with FERPA, solutions such as uApprove offer the opportunity to place the decision regarding sharing of personal information in the hands of the individual. This session will discuss technology options such as uApprove, policy options such as adopting default attribute bundles and the pros and cons of each.

Brad Myers, University Registrar, Ohio State University
Sarah Morrow, Chief Privacy Officer, Penn State
Matt Kolb, Assistant Director, Computing Services, Academic Technology Services, Michigan State University
Moderator: Ken Klingenstein, Director,
Middleware Initiative, Internet2

12:15-1:00

InCommon Certificate Program: Campus Case Studies  - Seneca Room

Interested in learning about case studies on using digital certificates and the InCommon Certificate Program? Join us in the main session room for a brief overview and campus experiences.

David Pike, Director, Office of Information Technology Administration, The Ohio State University

1:00-2:15

Building Blocks for
Access Management:
Setting the Stage - Seneca Room  

Download the slides from this session                                     

Do you have a set of rules or policies that are used to determine who gets access to your resources?  If not, this session will highlight the steps you might go through with campus stakeholders, to analyze your existing environment and plan for automated provisioning of access.

Note that the afternoon sessions in this track are connected, in terms of topics.

Rob Carter, IdM and Middleware Architect, Duke University
Keith Hazelton, Senior IT Architect, University of Wisconsin-Madison

Identity Assurance Profiles (IAP):
InCommon Bronze and Silver - Grand Ballroom

Download the slides from this session

Federated Service Providers (SPs) and their applications have varying degrees of risk and the ability/willingness to absorb that risk.  Silver and Bronze are the InCommon Identity Assurance Profiles (IAP) that provide a higher degree of trust based on Identity Provider processes, policies, and technologies. This session will discuss the current InCommon IAP Program, changes to the identity assurance IAP and Identity Assurance Assessment Framework (IAAF) documents and important drivers for the adoption of IAPs.

John Krienke, Chief Operating Officer, InCommon
Renee Shuey, Principal Lead, Identity and Access Management,
Penn State
Jacob Farmer, Identity Architect, Indiana University

2:15-2:30

Break

Break 

2:30-3:45

Building Blocks for 
Access Management: Provisioning - Seneca Room

Ever dream of having all your campus services provisioned automatically?  Hear some of the benefits and ramifications of implementing various solutions as case studies from "Self-Service Menus" to Group and Role-based service provisioning are presented. 

Jacob Farmer, Identity Architect, Indiana University

Federation Experiences: Service Provider  - Grand Ballroom

Download the slides from this session

Have trouble knowing what attributes you can request from identity providers? Challenges for Service Providers in a federated environment can be much different than those experienced by Identity Providers. This session will include case studies from InCommon Service Providers sharing their experience with leveraging identity provider attributes, seamless integration of current and future services and managing multiple federations.

Debbie Bucci, Integration Services, Center for Information Technology, National Institutes of Health
Jim Basney, Sr. Research Scientist, National Center for Supercomputing Applications
Sebastian Korner, University of Michigan/Hathi Trust
Moderator: John Krienke, Chief Operating Officer, InCommon

3:45-4:00

Break

Break 

4:00-5:15

Building Blocks for 
Access Management: 
Groups, Roles, Privileges - Seneca Room

Download the slides for this session

This session presents case studies of managing the information associated with access using groups, roles and privileges.  The challenge of centralized versus distributed access management is covered as well as an overview of the Grouper Groups Management Toolkit.

Tom Barton, Senior Director for Architecture, Integration and CISO, University of Chicago

Want to Federate?
What's Next for Your Consortium? - Grand Ballroom

Download the slides from this session

Read the panel notes from this session

Think your consortium might benefit from federated identity and want to learn what it takes? Be sure to attend this session. A federation is a collaborative group of organizations, such as a health care network or a state education consortium, which agree to interoperate using a common set of rules about identity, privacy, and security.  Using case studies of successful collaboration examples, we’ll examine readiness indicators, requirements, specific benefits of federated identity, as well as best practices on how to get collaborating.

Don Hamparian, Senior Product Manager, Identity Management, OCLC 
Matt Kolb, Assistant Director, Computing Services, Academic Technology Services, Michigan State University
Mark Rank, Middleware Architect, University of Wisconsin-Milwaukee
Mark Scheible, MCNC
Moderator: Mark Beadles, Program Manager, Federated Identity, OARnet

AegisUSA Hospitality Reception - Chittenden Parlor

7:30-8:30

Breakfast  - Neil House Parlor

8:30-9:45

Campus Identity Governance  - Grand Ballroom

Download the slides from this session

You can't do IdM in a vacuum: governance provides direction, control, and accountability. External influences have an effect on governance; and now we have federation, which is yet another external influence. In this session we'll take a hard look at both identity governance and federation governance, examining best practices and lessons learned.

Read the notes from the panel

Brice Bible, Chief Information Officer, Ohio University
Mark Rank, Middleware Architect, University of Wisconsin-Milwaukee
William Schmoekel, Director of IT Services, Owens Community College
Moderator: Rodney Petersen, Senior Government Relations Officer, EDUCAUSE

9:45 - 
10:15

Final Lightning Round  - Grand Ballroom
Now that you've had a chance to hear from speakers and other CAMP attendees, this is your chance to outline any IdM projects, or federated IdM projects, that you want to pursue -- and to recruit collaborators with similar interests.

Read the notes from the lightning talks

Moderators:
Renee Shuey, Principal Lead, Identity and Access Management, Penn State
Ann West, Senior Program Manager, Internet2/InCommon

10:15-10:30

Break

10:30-Noon

Cloud Computing and IdM  - Grand Ballroom

Download the slides from this session (complete deck - 5.4 MB PDF)
Download individual speaker slides (smaller file sizes):
Ken Klingenstein
Larry Gilreath, II
Kevin Kampman
Paul Schopis

Read the notes from the panel discussion

Cloud computing has changed the landscape for the delivery of new services; for example Microsoft Office 365, WorkDay, Google applications, grid computing, Project Moonshot, and others. In addition, some campuses and resource providers have begun exploring a shared services model for some applications. Faculty, students, and staff now can make use of Service Providers that live in public and private clouds, or are shared with another institution. What lies ahead at the intersection of identity and cloud-based services?  

Larry Gilreath II, Security Technology Specialist, Microsoft U.S. Education Kevin Kampman, Senior Analyst, Burton Group Executive Advisory Program
Jack Suess, Vice President of Information Technology and Chief Information Officer, UMBC
Paul Schopis, Chief Technology Officer, OARnet
Moderator:  Ken Klingenstein, Director, Middleware Initiative, Internet2 |

This OARnet-led interactive session will feature speakers from leading-edge Service Providers with an Ohio focus; identification of Federated Identity pilot opportunities around the State; and the latest updates from the University System of Ohio’s BOR-CIO Technology & Security subcommittee and OARnet about the Ohio federated identity program.