Blog from June, 2012

Quest Software Joins Affiliate Program

Internet2 announced today that its InCommon Affiliate Program welcomes Quest Software Public Sector as a new Affiliate.

Internet2’s InCommon provides a number of trust services for the research and higher education community, including the U.S. identity management federation, providing a secure and privacy-preserving method for single sign-on access to protected or licensed online resources. The Affiliate Program provides the research and education community with a way to safely and efficiently connect with partners that can help build the necessary underlying infrastructure to participate in this federation.

Quest Software, a global software company offering a broad and deep selection of products that target common IT challenges, works with education and research institutions across North America to improve and simplify IT management. The Quest One Identity Solution makes identity management and access governance more efficient and effective for public sector organizations, and allows them to focus on mission-critical priorities. Quest One dramatically simplifies access governance, privilege account management, identity administration, and user activity monitoring.

"Quest Software Public Sector is proud to join InCommon as an Affiliate", said Paul Christman, president and chief executive officer of Quest Software Public Sector.  “Quest is uniquely positioned to deliver the most comprehensive identity and access management solution on the market that enables organizations to save time, reduce costs and increase security.”

“Security, privacy, and managing costs continue to be of critical concern to higher education in general and identity and access management operations in particular,” said Jack Suess, chief information officer and vice president for information technology at the University of Maryland, Baltimore County and chair of the InCommon Steering Committee. “We believe Quest and its identity solution is a strong addition to the Affiliate Program as a way to help campuses manage these issues.”

InCommon serves more than 400 participating organizations, including research and higher education organizations and their sponsored partners. In addition to operating the U.S. trust federation for research and education, InCommon also provides the community-driven InCommon Certificate Service, the Assurance Program for enhanced identity management practices, and a Multifactor Authentication program for enhanced security.

For more information about the Affiliate Program, and a list of current affiliates, go to

About Internet2
Internet2 ®, whose network is operated and led by U.S. research universities, is one of the worldʼs most advanced networking consortia for global researchers and scientists who develop breakthrough Internet technologies and applications, and spark tomorrowʼs essential innovations. Internet2 consists of more than 350 U.S. universities, corporations, government agencies, laboratories, higher learning, research and education networks, and other organizations.

About Internet2’s InCommon
InCommon ®, operated by Internet2, serves the U.S. education and research communities, supporting a common framework of trust services and operating the InCommon Federation, the U.S. trust federation for research and education, the community-driven InCommon Certificate Service, the Assurance Program for enhanced identity management practices, and a Multifactor Authentication program for enhanced security. The InCommon Federation enables scalable, trusted collaborations among its community of participants. The Certificate Service offers unlimited certificates to the U.S. higher education community for one fixed annual fee. For more information, see

About Quest Software
Quest Software (Nasdaq: QSFT) simplifies and reduces the cost of managing IT for more than 100,000 customers worldwide. Our innovative solutions make solving the toughest IT management problems easier, enabling customers to save time and money across physical, virtual and cloud environments.  For more information about Quest solutions for application management, database management, Windows management, virtualization management, and IT management, go to

In January 2010, InCommon Operations announced that all certificates in metadata must have at least 2048-bit keys by the end of December 2012. While all new certificates are now required to have at least 2048-bit keys, there are a number of certificates in metadata with keys less than 2048 bits. These must be replaced ASAP but no later than December 2012.

InCommon is providing guidance on this process, including a list (updated daily) of certificates in metadata with 1024-bit keys, and how to migrate to new certificates containing 2048-bit keys.

The Indiana CTSI HUB service has been approved for the Research and Scholarship category. The CTSI HUB represents a statewide collaboration between Indiana University, Purdue University and the University of Notre Dame biomedical researchers.  Indiana CTSI also partners with Indiana public health organizations and with researchers worldwide to help accelerate the translation of scientific discoveries in the lab into new patient treatments.

Service providers (SPs) eligible for the R&S category support research and scholarship activities such as virtual organizations and campus-based collaboration services. Participating identity providers (IdPs) agree to release a minimal set of attributes to R&S SPs (name, email address, user identifier, and affiliation). This can be done with a one-time modification to the IdP’s default attribute release policy, which applies to the entire R&S category. This provides a simpler and more scalable approach for IdPs than negotiating attribute release individually with every service provider.

See the InCommon wiki for complete information about the R&S Category. A complete list of R&S services is available via the Federation Info web pages.

EDUCAUSE focused on the CommIT Collaborative, a joint effort of InCommon and PESC, in written comments submitted last week in response to a U.S. Department of Education (ED) notice. The Department of Education intends to hold a negotiated rule-making process later this year on financial aid fraud in online/distance learning programs. According to a blog post by Jarret Cummings, an EDUCAUSE policy specialist, "EDUCAUSE highlighted the opportunity that federated identity management in the form of InCommon, when extended to students prior to their enrollment in college through CommIT, might play in affordably and effectively addressing the identity verification needs of both institutions and ED." Read the full EDUCAUSE post.

The June issue of the monthly InCommon newsletter is now available. Read about:

Duo Security Multifactor Offering
June 13 IAM Online
Revised Assurance Documents Approved
New Participants

....and more.

The InCommon Steering Committee approved the new 1.2 versions of the Identity Assurance Assessment Framework and Identity Assurance Profiles.

One of the primary goals for this revision is to simplified the deployment of Bronze (LoA1) for Identity Provider Operators by, among other things, eliminating the audit requirement. The next step is to send these to the US Government Identity Credential and Access Management Program for their review and to continue InCommon's certification as a trust framework provider using this new specification.

Interested in Remote Identity Proofing to achieve Silver Certification? A community group is forming to develop some recommendations.

Our first discussion is scheduled for Wednesday June 6 at Noon.

Dial-in numbers:
+1-734-615-7474 (Please use if you do not pay for Long Distance)
+1-866-411-0013 (toll free US/Canada Only)
Access codes: 0113802

Please join us.

IAM Online - Wednesday, June 13, 2012

3 p.m. ET / 2 p.m. CT / 1 p.m. MT / Noon PT


Multifactor Authentication Approaches and Multifactor for InCommon Silver

Multifactor authentication (also referred to as two-factor authentication) adds another level of complexity and security to a password-only arrangement. Interest in multifactor continues to grow, as some federal agencies move in that direction. InCommon has added service offerings in this area, as well, and some schools now plan to use a second factor as a way to meet the requirements of the InCommon Silver Assurance Profile.

Join our speakers to learn the basics about multifactor authentication, the pros and cons of different approaches to multifactor, and how one campus plans to use this approach for InCommon Silver


Rodney Petersen, Senior Government Relations Officer and Managing Director, Washington Office, EDUCAUSE


Rob Carter, Identity Management Architect, Duke University
Mary Dunker, Director of Secure Enterprise Technology Initiatives, Virginia Tech


We use Adobe Connect for slide sharing and audio: For more details, including back-up phone bridge information, see

About IAM Online

IAM Online is a monthly online education series including essentials of federated identity management, hot topics from the EDUCAUSE Identity and Access Management Working Group, and emerging topics in IAM. Experts provide overviews, answer questions and lead discussions. IAM is brought to you by InCommon in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group.