Versions Compared

Old Version 3

changes.mady.by.user Dean Woodbeck (internet2.edu)

Saved on

compared with

New Version 4

changes.mady.by.user Dean Woodbeck (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

TimeTrack 1 Session TitleTrack 1 Session AbstractTrack 2 Session TitleTrack 2 Session AbstractTrack 3 Session TitleTrack 3 Session Abstract
10:30 - 9:45 amWelcome to Tuesday
10:45 - 11:35 am

midPoint Update: Advancing AAI by Tighter Integration of IdM and Access Management

Speakers:

Slavek Licehammer (Evolveum)		The presentation will be split into two main parts. The first one will focus on the area from a high-level perspective - discussing benefits, use-cases, as well as challenges that tighter integration of identity management and access management can bring. The second part will expand the first part with concrete examples of how some of the use-cases might be implemented with the identity management system midPoint. It will be a combination of ideas, configuration examples and live demonstrations.

Accelerating the move to federated access for library e-resources

Speakers:

Ken Klingenstein (Internet2), Meshna Koren (Elsevier),  Andrew White (RPI),  Ralph Youngen (American Chemical Society)

Even though federated authentication to library e-resources has been around for over 15 years, it has always been primarily used as a backup to IP access. Nevertheless, interest in using federated authentication as the primary authentication method has been growing in the past few years. The COVID-19 pandemic has been a powerful catalyst to this development, especially for remote access and its associated heightened cybersecurity concerns. While many universities are increasingly moving to SAML based access for enterprise resources, we find that access to library e-resources are often not included in the SAML based access plans. Part of the reason is lack of appropriate coordination between central campus IT and the library. Join representatives from Elsevier, American Chemical Society and Rensselaer Polytechnic Institute for a lively discussion on developments to move to federated authentication-only to library e-resources as part of broader security and identity and access management measures. The panel discussion will touch on key findings from projects each organization has undertaken to move towards federated authentication as a primary access method to library e-resources.

GÉANT Incubator

Speaker: Niels van Djik (SUNET)

What's new and coming from GÉANT
11:35 - 11:45 amBreak
11:45 - 12:35 am

Lightning Talks

Moderator: Nicole Harris (GÉANT)InCommon Advisory Groups

Speakers:

1) Seamless Access
2) Federation 2.0
3) OIDC Device Code Flow
4) eduPerson entitlement use cases
5) Shibboleth UI
6) eduroam

David Bantz (CTAB)
Rob Carter (CACTI)
Keith Wessel (TAC)



Abstract to come

Services in the Cloud

Speakers: Dedra Chamberlin (Cirrus Identity), Mike Grady (Unicon)


Cirrus: The InCommon Technical Advisory Committee chartered a work group to explore Identity Providers as a Service. Community members had been asking for more options for adding an Identity Provider to InCommon. Especially as many campuses pursue "cloud first" strategies, demand was growing for hosted solutions to enable membership in InCommon using existing cloud identity solutions like Microsoft Azure Active Directory. The workgroup report was recently published, and among the recommendations are that campuses consider "federation adapters" that can help bridge commercial SSO solutions like Microsoft Azure AD and Okta to the federation. This session will explain what a "federation adapter" is and why a campus might want to choose one (or not). Many federation adapter solutions can also help campuses meet upcoming InCommon baseline 2 requirement and the NIH requirements. Panelists will include staff from campuses that have implemented a federation adapter, as well as representatives from InCommon Catalyst partners who provide federation adapter solutions.

Unicon: Discuss options and considerations for InCommon and other federation members to consider when evaluating cloud/hosted solutions, and some of the options in that space.

REFEDS Assurance

Speakers:

Brett Bieber (University of Nebraska)

Jule Ziegler (LRZ/DFN)

Brett: Service providers, including the National Institutes of Health, are beginning to take an interest in identity assurance and how this is expressed through federated authentication. Members of the Assured Access Working Group (AAWG) will share recommendations on implementing the REFEDS Assurance Framework claim levels within your campus identity architecture, including best practices and pitfalls to quickly leverage existing processes. Attendees will come away with a comprehensive understanding of the REFEDS Assurance Framework, which partners across their local campus should be engaged in this effort, and how to organize a task force to begin implementation.

Jule: Updates from REFEDS Assurance WG, such as eduPersonAssurance standing within R&S, potential updates of the specifications, outcomes from MFA subgroup, european projects which are addressing assurance (e.g. FIM4R)

12:35 am - 1:35 pm

Break and BoF (Birds of a Feather)

Take a break or join a BoF! Bring your breakfast, lunch, dinner, beverage (depending on your time zone) and join in these informal discussions on topics of interest

BoF - COVID-Based Access Management

BoF - COmanage

1:35 - 2:25 pm

InCommon Advisory Groups

Speakers:

David Bantz (CTAB)
Rob Carter (CACTI)
Keith Wessel (TAC)

Lightning Talks

Moderator: Nicole Harris (GÉANT)


1) Seamless Access
2) Federation 2.0
3) OIDC Device Code Flow
4) eduPerson entitlement use cases
5) Shibboleth UI
6) eduroam

Abstract to come

National Institutes  of Health

Speaker:

Jeff Erickson (NIH)

Abstract to come.

Splunk and Advanced Log Analysis

Speakers: Paul Riddle (UMBC), Keith Wessel at Urbana-Champaign

UMBC: At UMBC, we struggled for some time to find a solution for getting our TAP container logs into Splunk. The first part of this talk will describe a methodology we've developed for parsing the Shibboleth IdP container log output and shipping it to Splunk in a format that Splunk can easily index. We'll discuss how this logging infrastructure has worked for us, and how it might be adapted to other TAP components.

Once our data was in Splunk, we worked with West Arete to develop a dashboard that helps us to visualize various different metrics related to the operation of our IdP, and the second part of the talk will focus on this piece. We'll talk about insights we've gained related to the operation of our IdP, and how this tool has helped to make our IdP infrastructure run more efficiently and cost-effectively.

Illinois: The global pandemic has shifted many things, one of which is the move to much more distance learning. This move has brought out many new trends and patterns in the usages of campus IT services. Thanks to the advanced log analysis and reporting functions available from services like Splunk, it's easy to see these trends and use them to grow services, security practices, and cloud architecture. It all starts, though, with how to analyze your IAM systems' logs. What services are students logging into these days, not just during the day, but in the evenings? Why might see you see load spikes on your SSO systems at 11:00 PM on a Friday night? And how do usage patterns differ now that many of us are working for institutions with students located around the globe?In this session, you'll learn about the trends that the University of Illinois found in the logs from the Urbana-Champaign campus and how they're using those to make informed decisions about their future plans.

2:25 - 2:35 pmBreak
2:35 - 3:25 pm

Closing Plenary


...