Blog from December, 2012

InCommon Affiliate Unicon will offer two training sessions – one for CAS/Shibboleth and one for Grouper – on January 17, 2013, immediately following the Jasig/Sakai unconference. For details and registration information, go to

I’m writing this note to Internet2’s InCommon community with an update about the Shibboleth Consortium and our role.

As you may know, the Shibboleth project began under the Internet2 Middleware Initiative in 1999, with subsequent significant support from the National Science Foundation. Later that year, the project connected with the work of the OASIS SAML Working Group, participating in SAML from its initiation.

As a founding member of this effort, Internet2 has been and remains firmly committed to the ongoing development and sustenance of Shibboleth as a critical software component for many campus identity management systems. For 2012, Internet2 provided staff at the same level that we always have in previous years. Moving forward, we expect to continue our financial, technical and philosophical leadership role in this important project.

Importantly, as part of this leadership role we began a process nearly three years ago to help expand the global support and adoption for Shibboleth by creating a newly formed organization, the Shibboleth Consortium. Internet2, JISC (the operator of the UK Access Management Federation for Education and Research ) and SWITCH (the operator of SWITCHaai, the Swiss Research and Education federation) were the founding members of the consortium and remain the sustaining members today, providing the bulk of the funding for the Shibboleth Consortium.

The global partnership has worked to raise visibility of the project’s efforts. While there have been some bumps along the way and transitions in individual participants at the three founding organizations, all remain committed to the project’s objectives of furthering the use of Shibboleth within the higher education community and expanding the adoption and support within the commercial sector.

Consortium members have taken additional steps recently to strengthen the governance, funding, and project plan for the Shibboleth efforts and are releasing an updated charter this month. The consortium board has representatives from Internet2, JISC, SWITCH, and the development community that will chart the course for the project in the coming year. I am now serving as Internet2’s board representative and believe this global partnership in the middleware space is critical to future seamless adoption of cloud services within education.

The consortium board is hard at work on a revised business plan, which will include a reviewed and approved project plan, a six-quarter roadmap, an updated governance model, and a clear statement of the needed resources to support future development of the Shibboleth system in a sustainable manner.

Here in the United States, I believe the best way for campuses to participate in the Shibboleth Consortium is through InCommon. Toward that end, we will be developing a process by which InCommon participating campuses can help influence the Shibboleth development plan. As we’ve found with the InCommon Certificate Service, and with many of the Internet2 NET+ Services, coming together as a community and aggregating our input seems to be the best way to make our collective voices heard.

I look forward to working with you in assuring the continued development and success of Shibboleth. If you have questions about the Shibboleth Consortium, please contact me at

Shel Waggener
Senior Vice President, Internet2

Two Services Added to Research and Scholarship Category

Two services been approved for the InCommon Research and Scholarship Category (R&S). R&S allows participating identity providers to release a minimal set of attributes to an entire group of services, rather than negotiating attribute release one-by-one. The new R&S services include:

  • Collaboration Wiki Spaces at Internet2, a federated wiki for researchers and working groups collaborating on projects of interest to the Internet2 community
  • Narada Metrics, a service offered by the Ohio Technology Consortium (OH-TECH), providing a method for multi-domain network operators and big data researchers to share network and system performance data

Service providers (SPs) eligible for the R&S category support research and scholarship services for the InCommon community. Participating identity providers (IdPs) agree to release a minimal set of attributes to R&S SPs (person name, email address, user identifier) after making a one-time configuration to the IdP’s default attribute release policy. This provides a simpler and more scalable approach to federation than negotiating attribute release individually with every service provider.

With the addition of these new services, there are now 10 R&S SPs. Also, 38 IdPs have indicated support for the R&S category. A complete list of R&S services and the IdPs that support R&S is maintained on the InCommon web site. See the InCommon wiki for more information about the R&S Category.

Social-to-SAML: Accepting Social Identities for InCommon Federated Services

IAM Online – Wednesday, December 12, 2012
3 pm ET / 2 pm CT / 1 pm MT / Noon PT

Social-to-SAML: Accepting Social Identities for InCommon Federated Services

Is your campus providing identity services to an ever-growing group of users: student applicants, parents, community members, continuing education enrollees, friends of the institution?  Some schools are using social identities (e.g., Google and Yahoo) to provide access to selected federated services, rather than creating university IDs for users who may have little or no continuing relationship with the institution.

This IAM Online will feature case studies for leveraging social identity, which allows people to log in through social identity providers and access certain protected campus resources. Attendees will also learn about a pilot Social-to-SAML gateway developed as part of the InCommon social identity working group and hosted by the University of Texas System.

Please plan to join us! You'll find more information about the presentation at


Catherine Zabriskie, Director, Academic Technology Services, Brown University

Paul Caskey, Chief Technology Officer, University of Texas System

Jim Basney, Senior Research Scientist, National Center for Supercomputing Applications (operator of CILogon)

Host and Moderator: Steve Carmody, IT Architect, Brown University


We use Adobe Connect for slide sharing and audio: For more details, including back-up phone bridge information, see

About IAM Online

IAM Online is a monthly online education series including essentials of federated identity management, hot topics from the EDUCAUSE Identity and Access Management Working Group, and emerging topics in IAM. Experts provide overviews, answer questions and lead discussions. IAM is brought to you by Internet2’s InCommon community and the EDUCAUSE Identity and Access Management Working Group.