Blog from December, 2013

December InCommon Newsletter

Here are this month's topics; see the full newsletter for details.

  1. Holiday Hours - Limited Metadata Signing
  2. IAM Online Fri., Dec. 13 - "Trust and Identity: Beyond the Federation"
  3. U of Nebraska Medical Center First to Self-Attest Bronze Certification
  4. InCommon Affiliate Webinar Dec. 18: Aegis Identity and the P-20 Impact of IAM
  5. Federation Deploying New Metadata Aggregates
  6. Research and Scholarship at 63 IdPs
  7. New Certificate Service Subscribers
  8. New InCommon Participants

University of Nebraska Medical Center First to Self-Attest for Bronze Certification

The University of Nebraska Medical Center (UNMC) has become the second higher-education organization to become certified for the Bronze Identity Assurance Profile under the InCommon Assurance Program.

UNMC is also the first to use the representation of conformance method for qualifying for Bronze certification. Using this simplified approach for Bronze requires no audit; the identity provider attests to compliance by signing the assurance addendum to the InCommon participation agreement. You can see UNMC’s implementation example on the wiki (go to https://spaces.at.internet2.edu/x/gJmKAQ and look for “Bronze” under “implementation examples”).

“Since we were already aligned with HIPAA requirements, there were only a few things left that we had to do to qualify for Bronze,” said Sharon Welna, chief information security officer for the University of Nebraska Medical Center.

InCommon developed the assurance program as part of its mission to provide secure and privacy-preserving trust services for its participants. Enabling higher-value, higher-risk services requires increased trust by the organizations that run the identity and cloud services.

InCommon currently has two assurance profiles — Bronze and Silver. Bronze, comparable to the National Institute of Standards and Technology (NIST) Level of Assurance 1, has credential security associated with basic Internet interactions. Silver, comparable to NIST's Level of Assurance 2, requires proof of identity and has security appropriate for higher-risk transactions.

Also in recent months, InCommon has made available an option (called alternative means) for achieving Silver certification that uses SafeNet tokens and multifactor authentication. The assurance program allows for such approved alternative means for satisfying the criteria that an identity provider must meet to achieve certification. More information is available at https://www.incommon.org/assurance/alternativemeans.html

More information about the assurance program is at assurance.incommon.org.

Internet2 2013 Holiday Closing; Metadata Signing Info

The Internet2 offices will close on December 24, 2013, and reopen on January 2, 2014, so our staff can spend time with family and friends during the holidays. InCommon will only sign metadata *once* during this holiday break – on Monday, December 30, 2013 (at approximately 2:30 pm ET).

While our normal business services will be deferred until after the first of the year, critical federation services will continue to operate around the clock, including the Discovery Service, the Error Handling Service, the Gateway Service, and the Metadata Service. Visit our wiki for more information about these federation services.

All of us at InCommon hope that your holidays are warm and joyous and include spending time with family and friends. We are grateful that you are part of the InCommon community, and appreciate all of your contributions to making this a most successful endeavor. We look forward to working with you in 2014.

Happy Holidays from all the staff at InCommon/Internet2.

P.S. Here is a list of other holidays throughout the year when we do not sign metadata.

IAM Online - December 13

Trust and Identity: Beyond the Federation

Friday, December 13, 2013
3 pm ET | 2 pm CT | 1 pm MT | Noon PT
www.incommon.org/iamonline

Think InCommon is a federation? Think again. Come join us to learn more about InCommon's expanding role in Trust and Identity for higher education. After conducting a comprehensive review of the identity and access control landscape, Internet2 and InCommon are looking to ensure that all of the various components – tools, software, practices, infrastructure and standards – are consistent, community-focused, and well coordinated.

The InCommon Steering Committee will take a leading and expanded role in Trust and Identity, directing and advising the following areas: services, infrastructure, software, and integration. Join the December IAM Online (December 13, 2013) for a wide-ranging discussion of Trust and Identity and its impact on the research and education community.

Presenter: Jack Suess, UMBC, Chair of the InCommon Steering Committee

Connecting

We use Adobe Connect for slide sharing and audio:
http://internet2.adobeconnect.com/iam-online

For more details, including back-up phone bridge information, see www.incommon.org/iamonline

About IAM Online

IAM Online is a monthly online education series including essentials of federated identity management, hot topics from the EDUCAUSE Identity and Access Management Working Group, and emerging topics in IAM. IAM Online is brought to you by Internet2's InCommon community and the EDUCAUSE Identity and Access Management Working Group.

InCommon Affiliate Webinar Series: Aegis Identity

“The Impact of Identity and Access Management with Federation on P-20 Individualized Learning and Cloud Resources”

Wednesday, December 18, 2013
2:00 pm ET | 1:00 pm CT | 12:00 pm MT | 11:00 am PT
http://internet2.adobeconnect.com/affiliate

Join us for the next InCommon Affiliate Webinar, “The Impact of Identity and Access Management with Federation on P-20 Individualized Learning and Cloud Resources,” presented by Aegis Identity Software, Inc., San Diego State University, and the IlliniCloud.

The speakers will discuss innovating the components required in architecting a cohesive IAM solution with integrated federation technology to allow for secure online authentication and authorization to cloud and on-premise resources to promote individualized learning. We will discuss the integration of business processes, constituents' needs and identity systems for the next generation of education technology.

Presenters:

Ames Fowler, Solution Engineering Manager, Aegis Identity Software
Jim Faut, Director of Software Development, Aegis Identity Software
Edgar Hodge, Director, University Computer Operations, San Diego State University
Marcus Jeffers, Identity Management Analyst, San Diego State University
Jason Radford, Systems Administrator, District 87, Bloomington, Illinois, IlliniCloud

About Aegis Identity Software

Aegis Identity Software provides contemporary identity management solutions that align with open source identity management technologies, deploying IdM solutions quickly and without incurring a large professional service expense to the university. Designed specifically for higher education, TridentHE provides an identity management platform to automate provisioning/de-provisioning, identity synchronization, password management and user self-service.

About the InCommon Affiliate Webinar Series

InCommon Affiliates offer software, support, integration, and consulting related to identity and access management, and other trust services. This webinar series provides an opportunity for affiliates to share ideas and solutions with the community. You can learn more about the affiliates at www.incommon.org/affiliates.

Connecting

We use Adobe Connect for slide sharing and audio:
http://internet2.adobeconnect.com/affiliate

Back-up phone bridge for audio:
+1-734-615-7474 (please use if you do not pay for Long Distance)
+1-866-411-0013 (toll-free US/Canada Only)
Access code: 0105266#

If you have never attended an Adobe Connect meeting before, you can test your connection at http://internet2.acrobat.com/common/help/en/support/meeting_test.htm

On December 18th, InCommon Operations will deploy three new metadata aggregates on a new vhost (md.incommon.org). All SAML deployments will be asked to migrate to one of the new metadata aggregates as soon as possible but no later than March 29, 2014. In the future, all new metadata services will be deployed on md.incommon.org. Legacy vhost wayf.incommonfederation.org will be phased out.

An important driver for switching to a new metadata server is the desire to migrate to SHA-2 throughout the InCommon Federation. The end goal is for all metadata processes to be able to verify an XML signature that uses a SHA-2 digest algorithm by June 30, 2014. For details about any aspect of this effort, see the Phase 1 Implementation Plan of the Metadata Distribution Working Group.

Each SAML deployment in the Federation will choose exactly one of the new metadata aggregates. If your metadata process is not SHA-2 compatible, you will migrate to the fallback metadata aggregate. Otherwise you will migrate to the production metadata aggregate or the preview metadata aggregate, depending on your deployment. You can find more information about metadata aggregates on the wiki.
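
As an added example (not InCommon tooling and not part of the newsletter), the Python sketch below reads the XML signature algorithms declared in a signed metadata aggregate, so an operator can tell whether their metadata process has to verify SHA-2. The sample document and the function names are constructed for illustration; the code inspects algorithm identifiers only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
ENC = "http://www.w3.org/2001/04/xmlenc#"

# Algorithm URIs defined by the XML Signature specifications, by hash family.
SHA1_URIS = {DS + "sha1", DS + "rsa-sha1"}
SHA2_URIS = {ENC + "sha256", MORE + "sha384", ENC + "sha512",
             MORE + "rsa-sha256", MORE + "rsa-sha384", MORE + "rsa-sha512"}

def q(name):
    """Qualify a local name with the XML Signature namespace."""
    return f"{{{DS}}}{name}"

def hash_family(uri):
    if uri in SHA2_URIS:
        return "SHA-2"
    return "SHA-1" if uri in SHA1_URIS else "unknown"

def signature_algorithms(metadata_xml):
    """Report the hash family of the aggregate's top-level signature."""
    root = ET.fromstring(metadata_xml)
    signed_info = root.find(f"{q('Signature')}/{q('SignedInfo')}")
    if signed_info is None:
        raise ValueError("aggregate carries no top-level ds:Signature")
    method = signed_info.find(q("SignatureMethod"))
    if method is None:
        raise ValueError("ds:SignedInfo has no ds:SignatureMethod")
    digests = [hash_family(d.get("Algorithm"))
               for d in signed_info.findall(f"{q('Reference')}/{q('DigestMethod')}")]
    signature = hash_family(method.get("Algorithm"))
    return {"signature": signature, "digests": digests,
            "needs_sha2": "SHA-2" in [signature, *digests]}

def sample_aggregate(sig_alg, digest_alg):
    # Constructed input: structure only, the signature values are placeholders.
    return f"""<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="{DS}">
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="{sig_alg}"/>
    <ds:Reference URI=""><ds:DigestMethod Algorithm="{digest_alg}"/>
      <ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
</EntitiesDescriptor>"""

if __name__ == "__main__":
    print(signature_algorithms(sample_aggregate(MORE + "rsa-sha256", ENC + "sha256")))
    print(signature_algorithms(sample_aggregate(DS + "rsa-sha1", DS + "sha1")))
```

A result with `needs_sha2` set to true means the consumer must support SHA-2 to verify that aggregate; an `unknown` entry means the algorithm URI is outside the small table above and should be checked by hand.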

To find out more, subscribe to our new mailing list and/or check out our FAQ.

Help: help@incommon.org
FAQ: https://spaces.at.internet2.edu/x/yoCkAg

To subscribe to the mailing list, send email to sympa@incommon.org with this in the subject: subscribe metadata-support

InCommon hosts four Shibboleth installation workshops each year, and we’re in the planning stages for 2014. These two-day events provide installation training for the IdP (day one) and the SP (day two).

We’re looking for organizations interested in hosting a Shib workshop in 2014. This program has been successful, in part, because of a partnership between Internet2/InCommon and campuses, regional network providers, and educational consortia.

InCommon provides the trainers and curriculum, and the local host provides the network, arranges for catering, and takes care of other on-site logistics. InCommon also provides the host organization with two complimentary registrations each day.

We have found that attendance is best at locations in proximity to a decent-size airport. For reference, past examples include Portland (Oregon), Omaha, Baltimore, Long Beach, and Milwaukee.

You can download a Word document with the host and technical requirements from the wiki.

We are open to time frames, although we have a workshop scheduled March 24-25. A general guideline would be May/June, July/August, mid-September or mid-November. We’re interested in hearing from campuses, and from state or regional associations or consortia.

If you are interested or have questions, please email me (woodbeck@internet2.edu).