Blog from August, 2016

If you are new to federated identity management and plan to attend the Technology Exchange in Miami (Sept. 25-29), consider registering for Base CAMP (Sunday afternoon, Sept. 25). Base CAMP will:

  • Provide an overview of the InCommon Federation and the identity and access management professional field
  • Cover the basics of federation, including the trust framework, metadata, attribute release, and international interfederation
  • Introduce software and supporting technologies, including Shibboleth and TIER (Trust and Identity in Education and Research)
  • Include information on related and emerging issues (like multifactor authentication and alternative IdPs)

You will then be ready to dive into the rest of the Technology Exchange, including a day-and-a-half of track sessions (CAMP), an afternoon of working group meetings, and the unconference Advance CAMP (ACAMP), including discussions of community-wide issues and proposed solutions. ACAMP concludes Thursday (Sept. 29) at noon. You will find the full schedule for the 2016 Technology Exchange, along with registration and hotel information, at

With InCommon interconnected to the global federation community, participants now have the opportunity to take part in and support policies and standards being developed internationally. One of the most promising collaborations in this area is the Security Incident Response Trust Framework for Federated Identity (Sirtfi). Developed by a working group comprising international research, campus, and federation operator community members, this framework and related entity tags for IdPs and SPs serves as a first iteration of a global federated incident response approach.

Very shortly, InCommon will begin a proof of concept to support the federation role of the Sirtfi framework for three InCommon identity providers (and a few SPs to be identified) to enable international experimentation with and further refinement of the Sirtfi framework and to continue the community’s work to increase trust within and across our federations. This proof of concept will affect our trust registry/metadata aggregate, but should have no impact on any operations. 

This proof of concept will include very scoped support for Sirtfi including:

  • Importing the Sirtfi entity attribute for those international IdPs and SPs that have chosen to adhere to the specification along with importing the REFEDS Security Contact metadata into InCommon metadata from eduGAIN.
  • Adding to the InCommon aggregate and exporting to eduGAIN the REFEDS security contact and the Sirtfi entity attribute on the entity descriptors of the following IdPs:
    • NCSA
    • LIGO
    • The University of Chicago
  • Adding the Sirtif tag to several LIGO SPs

Given the Sirtfi federation operator obligations have not been finalized, InCommon is working to confirm with these IdP operators and their executive contacts that they comply with the framework by having them self assert to the requirements.

InCommon Shibboleth Installation Workshop
October 27-28, 2016

California State University Office of the Chancellor
Long Beach, California

Registration is open for the final InCommon Shibboleth Installation Workshop of 2016. This two-day training session covers both the Identity Provider and Service Provider software, as well as some integration issues. The IdP portion of the workshop is based on IdPv3.

We will focus the training sessions on people who wish to learn about and deploy IdPv3. Those interested in upgrading from v2.x will also find value, but we will mainly cover IdPv3 as an independent topic to ensure we deliver the clearest content possible. Here is what you can expect:

  • A two-day, directed self-paced workshop
  • Hands-on installation of the identity provider and service provider software
  • Experienced trainers providing overviews and one-on-one help
  • Discussions on configuration and suggested practices for federation
  • Attendance is limited to 35
  • Registration closes October 10

The workshops will offer the chance to:

  • Install a prototype Shibboleth identity or service provider in a virtual machine environment
  • Discuss how to configure and running the software in production
  • Learn about integration with other identity management components such as LDAP and selected service providers

Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions: 

  • System install, integration, and ongoing support staff
  • Campus technology architects

For more information and a link to register, go to

To learn more about Shibboleth, see the Shibboleth wiki ( More information on federated identity can be found at

Community Update - InCommon TAC (Technical Advisory Committee)
Wednesday, August 24, 2016
2 pm ET | 1 pm CT | Noon MT | 11 am PT

The InCommon TAC will provide one of the regular updates of its work plan and discuss some of the projects that are currently underway. This one-hour session will include a general overview, plus information about several specific areas in which groups have either continued work, or are starting to work. There will be opportunity for your feedback, discussion, and suggestions.

The webinar will include an overview of the TAC 2016 work plan, plus information about current working groups:

  • Per-entity Metadata Working Group
  • Deployment Profile Working Group
  • OIDC/OAuth2 Survey Working Group
  • and a number of other topics

We will use Adobe Connect for slide-sharing and audio.

Discussion will take place in the Adobe chat window, but to participate by voice, you will need to join the conference bridge:

734-615-7474 (please use if you don't pay for long distance)

866-411-0013 (toll-free US/Canada)

PIN: 0101010#