
Executive Summary

Following is a summary of the work of the InCommon Technical Advisory Committee's Alternative Identity Providers Working Group. It describes alternative strategies for deploying an Identity Provider (IdP) in a variety of campus IT environments with the goal of providing solutions for institutions that do not have the expertise and resources to operate a Shibboleth IdP locally, the strategy most deployed within the InCommon Federation as of this writing.

While a locally operated Shibboleth Identity Provider (IdP) continues to provide the greatest capability and flexibility for an institution’s current and future federation needs, there are alternatives that may be better suited to a specific institution’s:

  • computing environment (e.g., Java, LAMP, Active Directory)

  • available resources and expertise, and strategy with respect to insourcing or outsourcing of IT infrastructure.

This paper describes and assesses several alternative strategies institutions may choose to deploy, depending on local circumstance. For example, an institution with a Java environment will likely choose a Shibboleth-based strategy, whereas a Microsoft-centric environment might choose an ADFS-based strategy. Additional considerations are outlined in the body of the report.

When configuring an in-house solution, or selecting a specific outsourced solution, careful consideration of the criteria described in this paper, in the light of both current and future needs, is very important. InCommon and other higher education identity federations are evolving rapidly, and what you do not need today may become a necessity without much warning over the next few years.

This paper closes with a set of recommendations to InCommon, TIER, and Internet2 with respect to actions the work group believes are important to facilitate the deployment of IdPs within higher education. In summary, these are:

  • Create appliances for insourced operation, including the CANARIE/SWAMID IdP Installer tool, with configurations pre-built for InCommon.

  • Conduct outreach to those institutions that are not engaged in federation and would not know that alternatives for an IdP exist.

  • Develop a mentor program for InCommon Members to help campuses get started.

  • Develop criteria for assessing IdP service vendors.

  • Author a cookbook on deploying the IdP strategies, including technical architecture, vendor selection, user support, operation, etc. It would be valuable to work with other federations on this project, as these are common issues internationally.

