Blog from February, 2013

IAM Online – Wednesday, March 13, 2013

3 pm ET / 2 pm CT / 1 pm MT / Noon PT

Three Campus Case Studies of Managing Access with Grouper

Is your campus looking for more efficient ways to manage access to course materials, administrative data, and even HR data? Wondering how to set up roles and permissions for administrators, staff and students allowing them to access the resources they need? Tune into the March 13 IAM Online to hear three case studies from three campuses highlighting how Grouper, the open source access management software from Internet2, is being used to address group and access management challenges.

Host and Moderator: Tom Barton, University of Chicago

Paul Donahue, University of Madison-Wisconsin
Gagne Sebastien, University of Montreal
Rahul Doshi and Michael Gettes, Carnegie Mellon University


We use Adobe Connect for slide sharing and audio: For more details, including back-up phone bridge information, see

About IAM Online

IAM Online is a monthly online education series including essentials of federated identity management, hot topics from the EDUCAUSE Identity and Access Management Working Group, and emerging topics in IAM. Experts provide overviews, answer questions and lead discussions. IAM is brought to you by Internet2’s InCommon community and the EDUCAUSE Identity and Access Management Working Group.

InCommon proudly announces new Assurance Program specification documents that offer significant community benefits, including a much easier path toward Bronze certification, and approval by the U.S. government. The changes come after extensive work by the research and higher education community.

The new revision (version 1.2) removes the requirement of an audit for InCommon Bronze so that an identity provider can attest compliance by simply signing an agreement. In addition, there are no additional fees for Bronze certification.

The revised documents also have won the approval of the Federal Identity, Credential, and Access Management (FICAM) organization, which means that InCommon continues as research and education’s trusted-identity framework provider to the U.S. government. Identity providers with InCommon Bronze or Silver certification can provide trusted credentials to federal relying parties, like the National Science Foundation and the National Institutes of Health. FICAM coordinates the federal trust framework provider (TFP) application program, which certifies credential providers for use by federal relying parties.

“Broad adoption of Bronze will send a strong signal to federal agencies that assurance is very important to higher education, and we urge every InCommon identity provider to consider applying for Bronze certification,” said John Krienke, InCommon’s chief operating officer. “The Assurance specifications also provide an excellent way to ensure an up-to-date authentication infrastructure.”

With this revision, identity providers have flexibility in how they comply with the specification by proposing alternative approaches for meeting or exceeding the published Bronze or Silver Identity Assurance Profile requirements. InCommon’s Assurance Advisory Committee will consider these alternative means, and once approved, the approach is added to the specification and therefore reusable by others.

The InCommon Assurance Program awards certifications to identity providers that support criteria for consistent electronic credential and identity management practices. These practices increase the confidence in a user’s electronic identity and help mitigate risk for the campus and cloud service provider. InCommon has published two assurance profiles, Bronze and Silver, which are comparable with federal Levels of Assurance 1 and 2, respectively.

More information and copies of the revised assurance documents are available at

Community Update – InCommon Technical Advisory Committee

Friday, February 22, 2013

Noon ET | 11 am CT | 10 am MT | 9 am PT

The InCommon TAC will provide a quarterly update of its technical goals and discuss some of the projects currently underway. We'll provide you with an opportunity to contribute to these projects, and we are interested in your thoughts and discussion.

This one-hour session will include a general overview, plus information about three specific area in which groups have either continued work, or are starting to work:

  • Interfederation
  • Certificate manager tools
  • Revised Assurance documents (v1.2)

Slide sharing and one-way audio will be available via Adobe Connect. If you wish to join the discussion, two-way audio is via the Internet2 phone bridge. Details are below. We look forward to your joining us on February 22.

Adobe Connect:

Dial-in Information:
734-615-7474 (please use if you don't pay for long distance)
866-411-0013 (toll-free US/Canada)

PIN: 0101010# (everyone joins on mute — press ##1 to unmute your phone)

February 2013 InCommon Update Available

The February InCommon Update is now available. Topics include:

  • IAM Online: Accepting Social Identities: Integration with SAML and Deployment Strategies
  • New Pricing for Duo Security Second-Factor Authentication
  • InCommon Steering Adds Two Members
  • Hamilton College - Participant #500
  • New Three-Year Comodo Agreement
  • New Certificate Service Subscribers
  • New InCommon Participants
  • New Sponsored Partners
    • MediaCore
    • TeamDynamix

Internet2, Comodo Extend Certificate Service Partnership Through 2016

Internet2 and Comodo have signed an agreement extending their successful partnership, offering digital certificates through the InCommon Certificate Service. The new agreement will run through 2016.

In its first three years of operation, the certificate service has attracted 221 subscribing institutions. Any higher education institution with its primary location in the US is eligible for the program. The service provides subscribers with unlimited SSL, client (personal), extended validation, and code-signing certificates for one annual fee. Internet2 member institutions receive an additional discount.

More information about the service, and information about how to subscribe, is at