Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


TimeTrack 1 Session TitleTrack 1 Session AbstractTrack 2 Session TitleTrack 2 Session AbstractTrack 3 Session TitleTrack 3 Session Abstract
8:00 - 10:00 am EDT 14:00 - 16:00 CESTSocial Gathering
10:00 - 10:10 am EDT 16:00 - 16:10 CEST

Welcome to CAMP

Speaker: Kevin Morooney Klaas Wierenga

10:10 - 11:00 am EDT 16:10 - 17:00 CEST

Advancing AAI by tighter integration of identity management with access management and midPoint


Slavek Licehammer (Evolveum)
This session will be composed of two parts. The first one will cover recent news from midPoint development as well as the current roadmap for future updates. The second part will look at AAI from a broader perspective. We will demonstrate how tighter integration of midPoint and access management can unlock untapped potential for new features and capabilities. For example, we see the potential in license management, improving self-service flows like requesting new roles, combining just-in-case with just-in-time provisioning or privacy-preserving features.

Accelerating the move to federated access for library e-resources

Moderator: Kelechi Okere, Elsevier


Linda Van Keuren, (Georgetown University Medical Center), Meshna Koren (Elsevier),  Andrew White (RPI),  Ralph Youngen (American Chemical Society)

Even though federated authentication to library e-resources has been around for over 15 years, it has always been primarily used as a backup to IP access. Nevertheless, interest in using federated authentication as the primary authentication method has been growing in the past few years. The COVID-19 pandemic has been a powerful catalyst to this development, especially for remote access and its associated heightened cybersecurity concerns. While many universities are increasingly moving to SAML based access for enterprise resources, we find that access to library e-resources are often not included in the SAML based access plans. Part of the reason is lack of appropriate coordination between central campus IT and the library. Join representatives from Elsevier, American Chemical Society and Rensselaer Polytechnic Institute for a lively discussion on developments to move to federated authentication-only to library e-resources as part of broader security and identity and access management measures. The panel discussion will touch on key findings from projects each organization has undertaken to move towards federated authentication as a primary access method to library e-resources.

Distributed Identity for managing researcher access

Speaker: Niels van Dijk (SURF)

Researchers need access to many, often distributed, resources. For this purpose, many services support federated identity, which leverages the identity management of the home institution to handle authentication and provide a basic set of profile information. A new paradigm, Distributed Identity, tries to let users be in direct control of the profile information they share with services. This presentation showcases recent work in the GÉANT Trust and Identity Incubator on how Distributed Identity may be used to facilitate research access management. After describing the core concepts of Distributed Identity, the proof of concept platform that was used to test and validate the requirements will be demonstrated. The presentation concludes with an analysis of the potential benefits and challenges of using Distributed Identity for managing researcher access.

11:10 am - 12:00 pm EDT
17:10 - 18:00 CEST

InCommon Advisory Groups

Speakers: David Bantz (CTAB)
Rob Carter (CACTI)
Keith Wessel (TAC)

InCommon is all about the research and higher ed community. It benefits the community, and it’s the community that helps to drive it. In fact, it only works if the community gets involved. In this session, hear from the chairs of three InCommon advisory groups about what their groups have been working on this year and how you can help. The chairs of the InCommon Community Trust and Assurance Board (CTAB), the Community Architecture Committee for Trust and Identity (CACTI), and the InCommon Technical Advisory Committee (TAC) will present upcoming projects from their groups that might impact your organization. They’ll also tell you about ways that you can get involved.

Hosted solutions, federation adapters, evaluating cloud solutions

Speakers: Dedra Chamberlin (Cirrus Identity), Mike Grady (Unicon) Mary McKee, (Duke University and Co-Chair IdPaaS Workgroup)
Charise Arrowood, (Unicon) Mark Rank, (Cirrus Identity)

The InCommon TAC chartered the Identity Provider as a Service workgroup in response to community interest. The workgroup issued its final report in Jan 2021, and one key recommendation was for universities to explore "Federation Adapter" solutions. Such services fill gaps where commercial identity solutions, like Azure AD and Okta do not meet requirements for multilateral federations like InCommon and CAF. This session will feature two vendors that offer hosted Identity Provider as a Service solutions: Cirrus Identity and Unicon. You'll hear about the solutions and how customers have implemented them. We would love to hear your input as well!

ADFS Toolkit, Including Support for REFEDS MFA


Chris Phillips (CANARIE)

Supporting R&E standards of REFEDS MFA and Assurance Profiles is key to keeping researchers connected to their critical R&E infrastructure. This session shares lessons learned on implementing and operationalizing MFA and Assurance Profiles with AD FS using ADFSToolkit. Various approaches including using Azure where possible will be covered.

12:00 - 1:00 pm EDT 18:00 - 19:00 CEST

Break and BoF (Birds of a Feather)

Take a break or join a BoF! Bring your breakfast, lunch, dinner, beverage (depending on your time zone) and join in these informal discussions on topics of interest

BoF - COVID-Based Access Management - Speaker: Anne Tambe
As many of us have experienced, the pandemic and the resulting lockdowns have brought about many challenges for Identity and Access Management teams. This BOF is intended as a space for members of the community to explore and exchange information related to COVID-19 remote solutions. We'd also like to touch on how these solutions will be utilized in a future after the pandemic and what long term effects (good or bad) this experience has had on the space.

BoF - COmanage - Speakers: Laura Paglione + Benn Oshrin

During 2020, COmanage has released new features, transitioned its training program to online, and refined its community engagement processes. During this COmanage Birds of a Feather session, we will have an open discussion directed by you - the current and prospective users of the tool - about the current state and future direction of the project.

1:00 - 1:50 pm EDT
19:00 - 19:50 pm CEST

Lightning Talks

Topics + Speakers:

OIDC Device code flow based SSH access with MFA: Dominik František Bučík (Masaryk University)

Advanced use-cases for eduPersonEntitlement in the ELIXIR AAI: Pavel Břoušek (Masaryk University)

What's NEW with Shibboleth IdP UI:Mike Grady (Unicon, Inc.)

OIDC Device code flow based SSH access with MFA: Heather Flanagan (Seamless Access)

Federation 2.0 working group - Tom Barton (Internet2)and Judith Bush (OCLC)

NIH and You: MFA, Identity Assurance, and Coming Requirements

Speaker: Jeff Erickson (NIH) Sumit Nanda (NIH) Sandeep Sathyaprasad (NIH)

Please join Jeff Erickson – National Institutes of Health (NIH) Center for Information Technology (CIT) Chief of Identity & Access Services – for a lively discussion on NIH’s transition to multi-factor authentication (MFA) to access NIH systems and applications. Starting September 15, 2021, NIH will begin a phased approach for enforcing MFA to access electronic Research Administration (eRA) modules. In this session, participants will learn about:
NIH’s new identity management requirements that could affect access for faculty, researcher and scientists:
-REFEDS Research and Scholarship Entity Category (R&S)
-REFEDS MFA profile
-REFEDS Assurance Framework
What institutions and technologists need to do to prepare; and
Recommendations for campuses

Splunk and Advanced Log Analysis

Speakers: Paul Riddle (UMBC), Keith Wessel, (University of Illinois at Urbana- Champaign) Eric Coleman, (University of Illinois at Urbana- Champaign) Scott Woods, (West Arete)
Anindita Bandyopadhyay, (West Arete) 

This session will show how two schools leveraged the power of Splunk to store and analyze Shibboleth IdP logs. University of Maryland Baltimore County will describe a methodology they developed for parsing the Shibboleth IdP Trusted Access Platform container log output and shipping it to Splunk in a format that Splunk can easily index. They’ll discuss how this logging infrastructure has worked for them, and how it might be adapted to other TAP components. Then, the University of Illinois at Urbana-Champaign will show how they used Shibboleth logs in Splunk to learn interesting and useful trends about service usage. Through the power of Splunk, Illinois is able to see not only the growth and spikes in single sign-on but also what populations are using what services and when. Learn how they’re using this data to better inform service decisions.
1:50 - 2:00 pm EDT
19:50 - 20:00 pm CEST

2:00 - 2:50 pm EDT
20:00 - 20:50 CEST

Closing Plenary: Bridging the Gap: Strategies to Enable Federated Access to SAML-shy Resources and Services

Moderator: Nicole Harris (GÉANT) Speakers: Jim Basney, Christos Kanellopoulos, Leif Johansson

Proxies have emerged as a preferred way for providers to quickly bring new resources into a federation for access by users. Is it time we formally recognize proxies’ role in the federation, make appropriate adjustments, and recommend best practices to fully support proxies in our ecosystem?

Some of the questions to ponder may include: how does a proxy express to the IdP the varying attribute/authentication needs across the resources it proxies? Are there trust and policy implications? What is the best way to implement a proxy? What changes might we make to the federation trust model to recognize and support proxy in federation?

Join us as the panelists explore these questions and set the stage for what we hope is an Advance CAMP session to continue the discussion.

2:50 - 4:50 pm EDT
20:50 - 22:50 pm CEST

Social Gathering + ACAMP Agenda Discussion