Handling Affiliate Populations
IAM Online - Thursday, June 10, 2010
1 p.m. EDT / Noon CDT / 11 a.m. MDT / 10 a.m. PDT
www.incommon.org/iamonline
Hot Topics and Current Issues in Identity and Access Management: Handling Affiliate Populations
Guests, parents and other affiliated populations may fall outside of the norm for an identity management system that was originally developed to accommodate faculty, staff and students. This session will explore the capabilities of a guest and affiliate system and ways in which to track these populations, including provisioning and deprovisioning services.
This IAM Online was developed in conjunction with the leadership of the EDUCAUSE Identity and Access Management Working Group. It draws on hot topics and current issues gleaned from questions posed to the Identity Management Discussion Group, federal policy developments affecting identity and privacy, and other higher education and industry initiatives.
Hosts: Linda Hilton and Renee Shuey, Co-Chairs of EDUCAUSE Identity and Access Management Working Group
Guest Speakers:
- Brendan Bellina, Identity Services Architect and Manager of Enterprise Middleware Identity Management at the University of Southern California.
- Liz Salley, Product Manager, Information and Technology Services, University of Michigan.
Connecting
We use Adobe Connect for slide sharing and audio. All questions will be taken via chat: http://internet2.acrobat.com/iam-online. There is a back-up dial-in conference call number for listening if you are away from your computer. See www.incommon.org/iamonline for information.
About IAM Online
IAM Online is a monthly online education series including essentials of federated identity management, hot topics from the EDUCAUSE Identity and Access Management Working Group, and emerging topics in IAM. Experts provide overviews, answer questions and lead discussions. IAM is brought to you by InCommon in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group.
This is an update on the InCommon Certificate Service.
A revised FAQ for the InCommon certificate service has been posted on the InCommon website.
Major changes include:
- the agreement with Comodo has been signed
- a revised fee schedule substantially reduces pricing for university systems joining as a single entity
- not-for-profit regional networking organizations may participate
- a restriction on the use of non-EV certs for servers/services used for financial and monetary purposes has been removed.
You'll find the new FAQ, including the fee schedule, at www.incommon.org/cert
The production date is still expected to be sometime late this summer. The service will start with SSL certs, then - after community working group input - will phase in code signing and then personal certs.
To stay up-to-date on the cert service, subscribe to the inc-cert email list. Send email to sympa@incommonfederation.org with this in the subject line: subscribe inc-cert.
The InCommon Metadata Signing Cert EXPIRES JUNE 21st.
The new cert is available for 1 week of testing in the following location: https://wayf.incommonfederation.org/bridge/certs/incommon-test.pem
After one week of testing, it will replace the expiring cert in the production location: https://wayf.incommonfederation.org/bridge/certs/incommon.pem
At that time, the expiring cert will be moved to the following location: https://wayf.incommonfederation.org/bridge/certs/incommon-exp_2010-06-21.pem
-------------------
WHAT YOU SHOULD DO
-------------------
Download the new cert at the test link above. If the cert validates both the Current and Test Metadata, then start using the New cert right away.
------------------
1 WEEK OF TESTING
------------------
Testing will occur from Tuesday MAY 25th through Tuesday JUNE 1st.
- The current (expiring in June) metadata signing Cert will be available in the production location.
o Production Location: https://wayf.incommonfederation.org/bridge/certs/incommon.pem
- We will publish metadata signed by old and new certs:
- Metadata locations:
o http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml
o http://wayf.incommonfederation.org/InCommon/InCommon-metadata-test.xml
- We will produce a prod-test diff between the metadata files and post it to the metadata-diff email list and archive
- We will also test with a very old, already-expired cert with the same key (March 2005), validating the test Metadata, in order to forecast problems that may occur. None are expected as we had no problems with certificate renewal 2 years ago. We've already successfully tested with our Internet2 IdP and found no problems with validating the metadata.
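A pre-flight check for the swap described above, as an added example that is not InCommon's own tooling: it confirms that a candidate cert carries the same public key as the one already trusted and has enough validity left before it replaces the old file. It assumes the renewed cert reuses the signing key, as the statements above imply; all certificates and file names are constructed, and XML signature validation of the metadata itself is left to your federation software.

```shell
#!/bin/sh
# Added example: pre-flight checks before trusting a renewed metadata
# signing certificate. All certificates and file names are constructed.

# SHA-256 fingerprint of the public key carried by a PEM certificate.
# Fails (instead of hashing empty input) when the file is not a certificate.
spki_sha256() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when both files parse and wrap the same public key.
same_key() {
    a=$(spki_sha256 "$1") || return 1
    b=$(spki_sha256 "$2") || return 1
    [ "$a" = "$b" ]
}

# Succeeds when the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Prints swap, keep or reject for a candidate replacing a trusted cert.
rollover_decision() {
    trusted=$1; candidate=$2; min_days=$3
    if ! same_key "$trusted" "$candidate"; then
        echo reject   # different or unreadable key: verify out of band
    elif ! valid_for_days "$candidate" "$min_days"; then
        echo keep     # same key, but the candidate expires too soon
    else
        echo swap     # same key and a comfortable validity window
    fi
}

# Constructed demo material: one key under two certs, plus an unrelated cert.
make_demo_certs() {
    dir=$1
    openssl genrsa -out "$dir/signing.key" 2048 2>/dev/null
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$dir/signing.key" -days 10 \
        -subj "/CN=constructed-expiring" -out "$dir/expiring.pem"
    openssl req -x509 -new -key "$dir/signing.key" -days 3650 \
        -subj "/CN=constructed-renewed" -out "$dir/renewed.pem"
    openssl req -x509 -new -key "$dir/other.key" -days 3650 \
        -subj "/CN=constructed-unrelated" -out "$dir/unrelated.pem"
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    make_demo_certs "$tmp"
    echo "renewed:   $(rollover_decision "$tmp/expiring.pem" "$tmp/renewed.pem" 30)"
    echo "unrelated: $(rollover_decision "$tmp/expiring.pem" "$tmp/unrelated.pem" 30)"
    rm -rf "$tmp"
fi
```

A "reject" result means the candidate does not match the key you already trust, so it should be verified through a separate channel before it goes anywhere near the production trust file.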
-------------------------
Notifications email list
To subscribe to the notification-only email list that provides InCommon operations notifications, send email to sympa@incommonfederation.org with the subject: sub inc-ops-notifications
Notes from the InCommon Forum at the Internet2 2010 Spring Member Meeting (April 27, 2010) are now available on the InCommon wiki. The Forum covered a wide range of topics, including:
- Update from InCommon operations
- Update from federation efforts at the National Science Foundation
- Update from the National Institutes of Health
- Discussion of the uApprove user consent application
- Consideration of a default set of attributes provided by IdPs
- Bronze and Silver Identity Assurance Profiles update
- A brief discussion of the eduRoam federated wireless access system that is widely deployed in Europe.
Go here to read the notes. Additional information about InCommon at the 2010 Spring Member Meeting is here.
Registration for CAMP: Exploring and Supporting Federated Access is again open.
Previously closed due to reaching facility capacity, the meeting will now be held in a larger space. InCommon is again inviting higher education and its federal and corporate partners to Raleigh, North Carolina on June 21-23 to participate.
For more information on the meeting or to register, see http://incommon.org/camp.
The IAM Online session presented Thursday, May 13, 2010, is now available via Adobe Connect archive. To access the session, go to http://internet2.na6.acrobat.com/p49922975/
This session, titled "Toward Common Identity Services," looks at identity services problems by considering two specific examples. One is the integration of uPortal with Grouper, and the other is an implementation of the permissions service of Kuali Identity Management (KIM) with a campus privilege management system.
Speakers include Chris Hyzer (University of Pennsylvania), Jen Bourey (Unicon), Tony Potts (rSmart) and Dan Seibert (University of San Diego), and the host was Tom Barton (University of Chicago).
Other archived IAM Online sessions, and a schedule for upcoming offerings, are available at www.incommon.org/iamonline.
IAM Online, Thursday, May 13
1 p.m. EDT / Noon CDT / 11 a.m. MDT / 10 a.m. PDT
IAM Online is a monthly series delivering interactive education on Identity and Access Management (IAM). This series is brought to you by the InCommon Federation in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group. www.incommon.org/iamonline.html
-----------
TOPIC: Advanced Topics in Federated Identity Management: Toward Common Identity Services
This session will look at identity services problems by considering two specific examples. One is the integration of uPortal with Grouper, and the other is an implementation of the permissions service of Kuali Identity Management (KIM) with a campus privilege management system. This IAM Online will preview the types of objectives we will work on at the Advance CAMP: The Second Identity Services Summit, June 23-25. The goal of Advance CAMP is to spur development of identity and access management (IAM) interfaces and infrastructure to enable delivered software to be easily integrated with enterprise IAM services.
SPEAKERS: Chris Hyzer (University of Pennsylvania), Jen Bourey (Unicon), Tony Potts (rSmart) and Dan Seibert (University of San Diego).
HOST: Tom Barton, Sr. Dir. of IT Architecture & Integration at the University of Chicago
-----------
HOW TO JOIN:
We will use Adobe Connect for slide sharing, audio and to pose questions via the chat function. A conference call bridge will be available for those not near a computer.
Adobe Connect: http://internet2.acrobat.com/iam-online
Optional Dial-in numbers for those not joining through Adobe Connect:
+1-734-615-7474 preferred (if you don't pay for long distance)
+1-866-411-0013 (US/Canada only, if you pay for long distance)
Access Code: 0157272#
-----------
ABOUT IAM ONLINE:
IAM Online includes the essentials of federated identity management, hot topics from the EDUCAUSE Identity and Access Management Working Group, and emerging topics in IAM. Experts will provide overviews, answer questions and lead discussions.
**************************************************
Advance CAMP: The Second Identity Services Summit
June 23-25, 2010
Raleigh, North Carolina
**************************************************
Registration for Advance CAMP continues, but the early bird rate will end after May 10. If you are planning to attend, make your reservation today.
If you're interested in working together to align IAM approaches to ensure that delivered software will be more secure, easier to integrate, consistent and usable, join your colleagues at the upcoming Advance CAMP: The Second Identity Services Summit.
Building on last year's Identity Services Summit, we'll hear from suppliers and consumers of identity services across several projects and development frameworks. We will determine specific steps as we continue moving towards de facto standardization. Architects, developers, and deployers of open source and commercial-sponsored software, services, and frameworks will find participation most useful.
Outcomes of this discussion-oriented, participant-driven meeting are to:
- Develop new IAM requirements for current projects, products, and development frameworks
- Identify opportunities for new IAM-oriented projects, align complementary work, and collaborate on solutions
- Set the direction for the community on what's next for identity-related activities and resources
Meeting participants will:
- Engage in solving identity-related challenges of importance to you
- Hear about who's doing what and how to participate in or leverage their activities
- Consider the modern Internet identity landscape and the potential solutions available for solving problems for extended communities
- Look closely at possible common integration solutions
- Work together to more fully develop requirements, solutions, or use cases
- Review results from the 2009 Identity Services Summit event and share progress over the subsequent year
- Consider technologies such as Facebook, OAuth, OpenID, SAML, Kuali KIM, OpenSocial, Spring, and Django among others
For more information, and to register, go to the Advance CAMP web page.
***********************************************************************
CAMP: Exploring and Supporting Federated Access
Raleigh, North Carolina * June 21-23, 2010 * www.incommon.org/camp
***********************************************************************
The program for CAMP: Exploring and Supporting Federated Access is now available at https://spaces.at.internet2.edu/display/CAMPJune2010/Program.
EARLY BIRD REGISTRATION ENDS MAY 10. Register now at www.incommon.org/camp. Organizations are encouraged to send IT managers, policy and security staff, and technical implementers.
SESSIONS FOR THOSE NEW TO FEDERATED ACCESS include:
- Why InCommon? Participants Talk About the Value Proposition
- Getting Started with InCommon: Identity and Service Providers
- Getting Started with InCommon: Creating Your Roadmap
- Optional Planning Sessions
SESSIONS FOR THOSE ALREADY IN PRODUCTION include:
- What's New with SAML 2?
- Panel Session: Attributes and uApprove
- Find the Silver Lining in Federated Cloud Computing
- Bronze & Silver Identity Assurance Profiles for Technical Implementers
WORKING WITH SERVICE PROVIDERS? Invite them to CAMP to learn more. The meeting is open to all higher education and their partners, including corporate organizations.
FOR THOSE NEW TO FEDERATED IDENTITY, consider attending the premeeting seminar "The Big Picture: Introduction to Federated Identity Management" to learn what it is and how it fits with your identity and access management infrastructure. Details at www.incommon.org/camp
ADVANCE CAMP: THE SECOND IDENTITY SERVICES SUMMIT will be held just following the InCommon CAMP. Information can be found on the CAMP landing page: www.incommon.org/camp
RESOURCES AND OPPORTUNITIES for learning more about federated identity can be found on the InCommon Federation site: www.incommon.org
CAMP SPONSORS
CAMP is sponsored by the InCommon Federation in cooperation with Internet2 and EDUCAUSE.
InCommon News - May 5, 2010
---------------
In This Issue:
- CAMP Early-Bird Deadline May 10
- Advance CAMP Early-Bird Deadline Also Approaching
- IAM Online May 13: Toward Common Identity Services
- Featured Affiliate: AegisUSA
- New Case Studies from InCommon
- National Student Clearinghouse Federates Student Self-Service
- Drivers for the California State University System
- InCommon Certificate Service to Roll Out This Summer
- Bronze, Silver Identity Assurance Profiles Submitted to ICAM
- New Participants
- New Sponsored Partners
- InCommon Affiliate Program Welcomes Unicon, AegisUSA
---------------
CAMP: Exploring and Supporting Federated Identity Management
Early-Bird Registration Deadline May 10
The early-bird registration deadline is fast approaching for CAMP: Exploring and Supporting Federated Identity Management. CAMP includes sessions for new InCommon participants (and those considering joining), as well as a track for management and technical implementers with federated IdM already in place. www.incommon.org/camp.
---------------
Advance CAMP: The Second Identity Services Summit
Early-Bird Deadline May 10
Advance CAMP: The Second Identity Services Summit will be a discussion-oriented, participant-driven meeting to develop new IAM requirements for current projects, products, and development frameworks; and to set the direction for the community on what's next for identity-related activities and resources. The early-bird registration deadline is May 10. www.incommon.org/camp.
---------------
IAM Online May 13 - Toward Common Identity Services
This session will look at identity services problems by considering two specific examples. One is the integration of uPortal with Grouper, and the other is an implementation of the permissions service of Kuali Identity Management (KIM) with a campus privilege management system. This IAM Online will preview the types of objectives of the Advance CAMP: The Second Identity Services Summit. www.incommonfederation.org/iamonline.html.
---------------
Featured Affiliate for May: AegisUSA
AegisUSA is a Denver-based identity management solution provider. With more than 50 clients in higher education, AegisUSA brings a high level of experience and expertise to the InCommon Affiliate program. With its Federated Identity Appliance for Education (hardware or VM version), the company provides a turnkey, cost-effective solution for universities (IdPs) to join InCommon in 30 days or less. www.aegisusa.com
---------------
New Case Studies from InCommon
InCommon released two new case studies at the 2010 Internet2 Spring Member Meeting last week. One looks at the pilot between Stanford University and the National Student Clearinghouse and the other demonstrates the California State University system's plans for federating. www.incommon.org/cases.html
---------------
InCommon Certificate Service to Roll Out This Summer
InCommon has reached an agreement, in principle, to offer the InCommon Certificate Service to the higher education community, providing unlimited server and personal certificates at a low, fixed fee. Full rollout is expected this summer. www.incommon.org/cert
---------------
Bronze, Silver Identity Assurance Profiles Submitted to ICAM
InCommon has submitted its Bronze and Silver Identity Assurance Profiles to the ICAM (Identity, Credential, and Access Management) program of the federal government's GSA. Acceptance by ICAM would approve InCommon as a trust framework provider for the federal government.
--------------------
New Participants in April
Higher Education
- University at Albany, State University of New York (www.albany.edu)
- Coconino County Community College (www.coconino.edu)
Sponsored Partners
- CSO Research (www.csoresearch.com)
- Leepfrog Technologies (www.leepfrog.com)
--------------------
New Sponsored Partners
CSO Research, Inc. (www.csoresearch.com) is an Austin-based software company that automates university career services offices. CSO's software manages all aspects of career centers, internship offices, student employment offices and volunteer centers at hundreds of universities in North America and the UK. CSO's academic clients use its web-based product to manage student, employer and faculty relationships, distribute job posting and career fair information to students, help employers to attend job fairs and interview students on-campus, and find full- and part-time jobs for students and alumni. CSO serves over 500 campuses and over one million college students per year.
Leepfrog Technologies (www.leepfrog.com) is a software development firm, offering a content management system, a catalog management system, a high-volume email delivery system, and other campus-oriented technologies.
--------------------
New Affiliates
InCommon welcomes the first two members of the new Affiliates Program, which provides the research and education community a way to connect with partners able to help build the necessary underlying infrastructure that supports federated access. www.incommon.org/affiliate
Unicon, Inc., is a leading provider of IT consulting services for the education market, specializing in using open source technologies to deliver flexible and cost-effective systems in the areas of enterprise portals, LMS, authentication, video, calendaring, email, and collaboration. Unicon services for Shibboleth Federated Single Sign-On Service include implementation planning, branding, installation, configuration, custom development, mentoring and support. www.unicon.net.
AegisUSA is an identity management solution provider with experience with more than 60 clients. AegisUSA's solutions include identity appliances, identity assessments, and custom implementations for Oracle, Sun, Microsoft, and open source software. The AegisUSA Federated Identity Appliance for Education provides turnkey, production-ready infrastructure necessary to enable federated SSO with members of the InCommon Federation. www.aegisusa.com.
--------------------
InCommon News is published by the InCommon Federation (www.incommon.org) for its participants and other interested parties. InCommon is an LLC of Internet2. Send feedback or comments to incommon-info@incommonfederation.org.
This newsletter is sent to incommon-announce@incommonfederation.org. To subscribe or unsubscribe, send an email to sympa@incommonfederation.org with one of these messages in the subject: subscribe incommon-announce or unsubscribe incommon-announce. You can also subscribe to the InCommon RSS news feed, which includes this newsletter, by visiting www.incommon.org/contacts.cfm.