Blog from May, 2014

Identity Week Proposal Deadline Extended to June 8

The deadline for the call for proposals for the Technology Exchange, which includes Identity Week 2014, has been extended to June 8. The event will take place October 26-30, 2014, in Indianapolis. Identity Week will include Advance CAMP October 27-28 and CAMP October 29-30. You can see more-detailed descriptions of ACAMP and CAMP under item #2 on the call for proposals web page ( In addition to Identity Week, the Technology Exchange will feature tracks in Security, Cloud Services, and Advanced Networking.

Since ACAMP follows an unconference format, we encourage you to submit a proposal for the CAMP in areas such as:

  • Policy and technical challenges of implementing identity management systems
  • Case studies in identity management, including federated identity solutions
  • Community-driven identity software solutions
  • Issues about managing groups
  • Issues regarding provisioning and deprovisioning
  • Using or considering outsourced identity or federated identity service

Note that there is special interest in:

  • Sessions with presenters from more than one organization
  • Sessions with some cross-over interest to other tracks at Technology Exchange (security, cloud services, advanced networking)

Please consider submitting a session and also mark the dates on your calendar to join your fellow identerati in Indy.

Identity Week Proposal Deadline May 30

May 30, 2014, is the deadline for proposal submissions for the 2014 Identity Week, which will be part of the Technology Exchange, October 26-30, in Indianapolis.

We're specifically encouraging proposals for what we have been calling CAMP 201, which will include these broad topic areas:

  • increasing the value of InCommon participation
  • trust and privacy in identity
  • support for teaching and learning
  • simplifying the deployment of Identity and Access Management

What experiences have you had on your campus? What are your successes (and, yes, your failures, for we can learn from those, too)? What have you implemented or considered as you refine your approach to identity management and federation?

Please consider submitting a proposal – whether it is something specific to your campus, something that has perhaps involved other campuses or collaborations, a working group, or the like.

Your proposals will be an important part of the CAMP portion of the meeting (October 29-30), which will appeal to identity architects, developers, and implementers.

You will find the call for proposals at the Technology Exchange website:

Couldn't make the May 21, 2014, InCommon Affiliate Webinar featuring Unicon? The archived recording is available. The webinar features two campus case studies: Implementing two-factor authentication with CAS at Evergreen State College Extending CAS at Indiana University, including two-factor authentication, login interrupts, password expiration policies, and front-channel authentication via SAML.

InCommon Affiliates offer software, support, integration, and consulting related to identity and access management, and other trust services. This webinar series provides an opportunity for affiliates to share ideas and solutions with the community. Unicon provides IT consulting services and support for popular open source IAM solutions such as CAS, Shibboleth, and Grouper.

IAM Online – Wednesday, May 28, 2014

3 pm ET / 2 pm CT / 1 pm MT / Noon PT

Good Federation Citizenship

You have many options as you manage your organization’s participation in InCommon. How do you know which are preferred? What policies and implementations should you consider adopting as a good citizen of the federation?

This IAM Online gives an overview of recommended practices and configurations for both Identity Providers (IdPs) and Service Providers (SPs) to best support interoperability with the widest variety of federation partners.

By definition a federation is made up of many different identity providers (IdPs) and service providers (SPs). The InCommon federation defines some baseline requirements all participants must meet, but each provider has different priorities. We’ll discuss areas such as forced reauthentication, SSO session lifetime and default attribute release profiles, as well as how specific configuration elements can impact interoperation between IdPs and SPs.

Jim Basney, Sr. Research Scientist, National Center for Supercomputing Applications
Eric Goodman, IAM Architect, University of California Office of the President
Keith Wessel, Identity Management Service Manager, University of Illinois at Urbana-Champaign


We use Adobe Connect for slide sharing and audio: For more details, including back-up phone bridge information, see

About IAM Online

IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information and Security Council.

Call for Proposals - Technology Exchange and 2014 Identity Week

Identity Week 2014 will take place October 26-30, 2014, in conjunction with the Technology Exchange in Indianapolis. The Technology Exchange is convened by Internet2 in conjunction with the Department of Energy’s Energy Sciences Network (ESnet) and hosted by Indiana University.

In addition to Trust, Identity and Middleware Applications, the Technology Exchange will have these topic areas: Security, Cloud Services, and Advanced Networking.

The Trust, Identity and Middleware Applications track provides a venue for identity architects, developers and implementers to explore and discuss topics of broad interest to the community. Advance CAMP, with its unconference format, will take place on October 27-28, while CAMP will be October 29-30.

CAMP will include sessions proposed by the community and the call for proposals is now open. Please see the details, including possible topic areas, at:

If you have any questions, please email

Webinar - Active Directory Domain Services and Suggested Practices for Authentication

Wednesday, May 7, 2014
Noon ET | 11 am CT | 10 am MT | 9 am PT

Do you have Microsoft’s Active Directory Domain Services as part of your identity management system? Join us for a webinar at noon (ET) on Wednesday, May 7, to learn about the revision of a popular cookbook that demonstrates suggested practices for authentication.

The InCommon Silver with Active Directory Domain Services Cookbook provides help for those interested in adopting InCommon Silver Identity Assurance Profile and enhancing their authentication security. The document is available on the Internet2 wiki at

The Cookbook contains specific guidelines for identity provider operators that have Microsoft's Active Directory Domain Services at or near the core of their identity management systems, including:​

  • storage encryption for domain servers that hold passwords,
  • AD-provided authentication protocols, and
  • password replication among domain controllers.
    The Cookbook also includes interpretations, reviewed by the Assurance Advisory Committee, of key IAP sections that may be of value to institutions utilizing technologies other than Active Directory in their identity management systems. This revision, originally published in 2012, addresses changes in version 1.2 of the InCommon Assurance Profile (IAP).

The U.S. Government-approved Silver Identity Assurance Profile, comparable to the NIST Level of Assurance 2, has identity-proofing requirements that provide reasonable assurance of individual identity. The profile describes sets of Identity Provider Operator requirements for registering individuals, issuing credentials, and managing related identity management information. For more information on InCommon’s Assurance Program, see

Adobe Connect (slide sharing and one-way audio):

Dial-in (to participate in the conversation):
+1-734-615-7474 (preferred)
+1-866-411-0013 (toll-free in U.S. and Canada)
PIN: 0101010#

InCommon Update - May 2014

The May 2014 issue of InCommon Update is available.

In this month's issue:

  • InCommon Celebrates 10th Anniversary
  • Two Service Providers Approved for R&S Catetory
  • Shibboleth Installation Workshop Registration Opens
  • Duo Security Multifactor Authentication Site License
  • Identity Week 2014 at the Technology Exchange
  • New Certificate Service Providers
  • New InCommon Participants​

Upcoming Events

  • May 7 webinar - Active Directory Domain Services and Suggested Practices for Authentication
  • May 28 - IAM Online
  • July 24-25 - InCommon Shibboleth Installation Workshop - Indianapolis, IN
  • September 29-30 - InCommon Shibboleth Installation Workshop - Newark, NJ
  • October 26-30 - Identity Week at the Technology Exchange - Indianapolis, IN
  • November 10-11 - InCommon Shibboleth Installation Workshop - Salt Lake City, UT

Featured Affiliate - Spherical Cow Group