Blog from June, 2015

Update as of July 2015: Wiki for the MFA Interoperability Profile Working Group is here



On behalf of the InCommon AAC, I would like to invite your participation in a new InCommon Multi-Factor Authentication (MFA) Interoperability Profile working group; the charter is below for your review.  This working group is being initiated based on substantial community interest in the topic of interoperable MFA.

If you are interested in participating, please send an email directly to me (and not the list), indicating your area of expertise and a brief summary of the reason for your interest in participating.  Please send these no later than Friday, June 26, 2015.  Please note the timeline for deliverables and ensure that you are prepared to allocate the appropriate amount of time to this effort.


Jacob Farmer

Chair, Assurance Advisory Committee


InCommon MFA Interoperability Profile Working Group Charter


The Assurance Advisory Committee (AAC) invites the Community to participate in the InCommon Multi-Factor Authentication (MFA) Interoperability Profile Working Group.  The mission of the working group is to develop and document requirements for creating and implementing an interoperability profile to allow the community to leverage MFA provided by an InCommon Identity Provider.



1.  Assemble use cases that will motivate the deliverables of this working group

2.  Develop short list of widely deployed MFA technologies that will be in scope for the profile

3.  Define requirements for and draft MFA Interoperability Profile

4.  Develop and recommend scope and plan for adoption

5.  Present draft in session at Technology Exchange in October 2015

6.  Publish final profile by November 30, 2015



1.  Profile should be constrained to address the articulated need for distributed MFA.

2.  Ability to implement with current technology should be a core design constraint.

3.  Support for this capability should be exposed in the Federation Metadata.

InCommon and CLAC (the Consortium of Liberal Arts Colleges) are collaborating on an InCommon Shibboleth Installation Workshop at Trinity College in Hartford, Connecticut, on June 23-24. We have four spots available, open to anyone who wants to attend. To register, go to

Read on for details on the Shibboleth installation workshop, or see

We will focus the training sessions on people who wish to learn about and eventually deploy the new IdPv3. Those interested in upgrading from v2.x will also find value, but we will mainly cover IdPv3 as an independent topic to ensure we deliver the clearest content possible.

  • Two-day, directed self-paced workshop
  • You will install the identity provider and service provider software
  • Experienced trainers provide overviews and one-on-one help
  • Discussions on configuration and suggested practices for federation
  • Attendance is limited to 20

The workshop will offer the chance to:

  • Install a prototype Shibboleth identity or service provider in a virtual machine environment
  • Discuss how to configure and run the software in production
  • Learn about integration with other identity management components such as LDAP and selected service providers

Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff
  • Campus technology architects