Blog from March, 2013

Fischer International Offers Hosted Federation Service at No or Reduced Charge

Institutions considering outsourcing the management of their federated identity infrastructure can do so at no or reduced charge through Internet2's InCommon affiliate, Fischer International Identity. Qualified institutions receive two years Shibboleth Identity Provider (IdP) hosting with 24/7 management for up to 5,000 full-time equivalent students at no charge.

Fischer is also offering the service through regional networks, such as OARnet, which operates the Ohio broadband network for education, K-12 and state and local government, as well as IT infrastructure and innovative services. OARnet will be the first regional network to host the service. Fischer is currently undergoing the Internet2 NET+ Service validation process.

Here is the complete announcement. See the InCommon Affiliate Program website for more information about Fischer International and the InCommon Affiliate Program.

Registration is open for two Shibboleth installation workshops

May 14-15, 2013, at Citrus College in Glendora, California

June 17-18, 2013, at MCNC in North Carolina’s Research Triangle Park (near Durham)

Both workshops will use the same curriculum for those who need training on installation of the Shibboleth single sign-on and federating software. The training is designed for those who have decided to deploy a web single sign-on system and leverage it to access resources and contracted services through InCommon.

Each location will offer two days of training, with the first dedicated to the identity provider portion of the software, and the second covering the service provider. Attendance is limited to 44 for each day. Registration will close when capacity is reached or one week prior to the workshop dates.

Details and registration are available at (North Carolina institutions receive a discount through April 30, 2013. Email Steve Thorpe at MCNC for details ( Please note there is separate registration for each day.

The workshops will provide you with technical installation and configuration experience with Shibboleth Single Sign-on and Federating Software, version 2. The workshops will offer the chance to:

  • Install either a prototype Shibboleth identity or service provider in a virtual machine environment.
  • Hear tips for configuring and running the software in production.
  • Learn about integration with LDAP directories and selected packages.

AUDIENCE includes higher education and partner organization representatives with knowledge of identity management concepts and related implementation experience. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff
  • Campus technology architects

REGISTER SOON ( to reserve a seat. Participation is limited to maintain program quality. NOTE: There is a separate registration process and fee for each workshop (IdP and SP). If you wish to attend both days, be sure to register for each.

RESOURCES: To learn more about Shibboleth, see the Shibboleth wiki ( More information on federated identity can be found at

This Shibboleth Workshop Series event is sponsored by InCommon, Internet2, the California Community Colleges, Citrus College, and MCNC.

LIGO Wiki Approved for Research & Scholarship Category

The LIGO Wiki has been approved for the InCommon Research and Scholarship Category (R&S). This is the second LIGO resource to be approved for the R&S Category. R&S allows participating identity providers to release a minimal set of attributes to an entire group of approved services, rather than negotiating attribute release one-by-one.

The Laser Interferometer Gravitational-Wave Observatory (LIGO) is a facility dedicated to the detection of cosmic gravitational waves and the measurement of these waves for scientific research. It consists of two widely separated installations within the United States, operated in unison as a single observatory. This observatory is available for use by the world scientific community, and is a vital member in a developing global network of gravitational wave observatories.

Service providers (SPs) eligible for the R&S category support research and scholarship services for the InCommon community. Participating identity providers (IdPs) agree to release a minimal set of attributes to R&S SPs (person name, email address, user identifier) after making a one-time configuration to the IdP’s default attribute release policy. This provides a simpler and more scalable approach to federation than negotiating attribute release individually with every service provider.

With the addition of these new services, there are now 11 R&S SPs. Also, 42 IdPs have indicated support for the R&S Category. A complete list of R&S services and the IdPs that support them is maintained on the InCommon web site. See the InCommon wiki for more information about the R&S Category, including application forms for both SPs and IdPs.

Scalable Privacy Project Seeks Campuses for Multifactor Authentication Cohortium

The Internet2 Scalable Privacy Project (ScalePriv), funded with the recent NSTIC grant to Internet2, is seeking campuses to participate in the Multi-factor Authentication (MFA) Cohortium" (see definition below). Applications are open until April 12, 2013.

The MFA Cohortium is a ScalePriv-supported group of institutions sharing their explorations, experiences, expertise, artifacts, and overall "journey" in learning about, planning for, and deploying multi-factor authentication for a variety of key use cases within each institution, as well as federated access to services. It will be a facilitated and focused 15-month effort to help you (as a participating institution) make real progress towards MFA deployments. It will enable your institution, and higher education more broadly, to answer the questions "where do we need MFA?," "how do we deploy it?," and "what will it cost and what is our ROI?." And it will be focused on the research and education (R&E) community, dealing with issues and use cases of particular concern within R&E such as integrating MFA into WebSSO, sensitive data, cloud services, distance learners, bring-your-own-device, and the return on investment (ROI) within the R&E environment.

Important highlights:

  • Will provide your institution broader access to expertise, resources, and collaborators to help you accomplish your MFA goals.
  • Enable a significant advancement in the deployment of Multi-factor Authentication across Higher Education.
  • Combining MFA with federation can multiply the impact and reach of MFA to inter-institutional, shared resource, and cloud service environments.
  • A key effort within the Internet2 Scalable Privacy Project.
  • 15-month facilitated collaborative effort beginning in April 2013 and ending in June 2014.
  • Number of institutions accepted for participation in the Cohortium may need to be restricted, depending on response, to ensure value and effective collaboration for the member institutions.

The full Call for Participation, containing a much richer explanation of the goals of the MFA Cohortium, more detailed information on what it will do and how it will operate, the expectations for institutions participating, and what information is needed in your "application to join", can be found at:

Call for Participation:

One option for applying will be to use the web-based application form:

Apply online at:

Remember, the closing date for applications is April 12, 2013. Questions may be sent to: .

cohortium: "Group of institutions sharing their explorations, experiences, expertise, artifacts, and overall journey," in this case of planning for and
deploying multi-factor authentication.

  • Cohort: In statistics and demography, a cohort is a group of subjects who have shared a particular event together during a particular time span [cohort (statistics) from Wikipedia].
  • -tium added to noun base to create abstract noun, "something connected with the act," could mean "act, condition, office of...".

March 2013 InCommon Update

InCommon has published the March issue of InCommon Update. Headlines

  • U.S. Government Approves New Assurance Profiles
  • Virginia Tech Publishes Assurance Case Study
  • New Members Appointed to Assurance Advisory Committee
  • Online Trust Alliance Publishes Best Practices Document
  • Weak Keys (Almost) Eradicated from Metadata
  • IAM Online March 13: Three Campus Case Studies of Managing Access with

Three Appointed to Assurance Advisory Committee

The InCommon Steering Committee has appointed three new members to the Assurance Advisory Committee (AAC), the oversight body of the InCommon Identity Assurance Program.

Debbie Bucci is an IT architect at the National Institutes of Health, and also is security advisor to the chief privacy and security officer at the Office of the National Coordinator for Health Information Technology, Department of Health and Human Services. She serves the AAC as one of two at-large members.

Tricia Craig is principal auditor in the Office of Internal Audits at Duke University. She serves as one of the two auditors on the AAC.

Doug Falk is vice president and chief information officer at the National Student Clearinghouse. He holds one of the two service provider stakeholder positions on the committee.

The AAC, which has a maximum of 10 voting members, is responsible for:

  • Providing oversight of the entire InCommon Identity Assurance Program
  • Reviewing applications for certification to one or more of the InCommon assurance profiles, and making recommendations for approval or denial to the InCommon Steering Committee
  • Recommending changes to the Identity Assurance documents and program

Details of the assurance program, and a complete AAC roster, are available at

The InCommon Assurance Program awards certifications to identity providers that support criteria for consistent electronic credential and identity management practices. These practices increase the confidence in a user’s electronic identity and help mitigate risk for the campus and local or cloud service provider. InCommon has published two assurance profiles, Bronze and Silver, which are comparable with federal Levels of Assurance 1 and 2, respectively.