The InCommon Forum
Internet2 Spring 2008 Member Meeting
April 21, 2008
John Krienke reported that InCommon has added 21 participants since the last Internet2 Member Meeting (October 2007), an increase of 26 percent. This brings the total to 55 higher education participants, 22 sponsored partners and three government agencies/research labs.
**Technical Issue Updates**
- InCommon X.509 certificates now are valid for two years.
- The target for making available embedded ("inline") certificates is June 25
- Key management implies downloading often; the recommendation is at least daily
- Shibboleth 2.0 has been released and we need to start discussing migration
There are several collaboration/working groups associated with InCommon. Here is an update from each.
InC-Student is comprised of Cornell, Georgetown, Louisiana State, Penn State, Stanford, the University of Idaho, the University of Southern California, the University of Washington and the University of Wisconsin-Madison.
Involvement from each institution includes an IT professional and a staff member from the registrar, financial aid, or other student services office. The group is working on presentations at AACRAO, including a July workshop in Baltimore, and has been working with the national student clearinghouse on involvement in InCommon. They have also developed a "bedtime story" (available on the wiki) about what it would be like for a student in a federated world.
InC-Apple-ITunesU is a pilot of five schools looking at attributes and policies around attribute release. The group has set June as the target for a working pilot. Institutions involved include the University of Washington, Duke, Clemson, Penn State, and the University of Maryland-Baltimore County.
InC-LibraryServices is a group working on best practices for delivering federated services for library users, including off-campus users and guest walk-up users. Current discussions include best practices for the combination of Shibboleth and EZProxy. Campuses involved include the University of Maryland, the University of California-San Diego, Brown, Cornell, Chicago and the University of Washington.
InC-Dreamspark was organized just prior to federated student access to Microsoft Dreamspark went live.
InC-Sharepoint came out of discussions at NIH to develop a federated Sharepoint configuration. Nine Star Research has developed a software module to help with this. This group's first call will be May 5, 2008.
The Teragrid group has been working on policy issues and is very interested in using a federated platform.
InC-Croquet - This group is discussing how the Croquet virtual world could be federated.
InC-Confluence looks at ways to enhance Confluence's operation on a federated platform.
New VIVA case study- VIVA is a consortium of Virginia libraries that has started making federated resources available. The case is on the InCommon website.
**InCommon Steering Committee**
The InCommon Steering Committee is the organization's governing body, meeting bi-weekly and including representatives from a diverse group of institutions. One of the goals is to have a mix of representation: public/private, large/small state universities, national/regional universities. The committee includes a maximum of 13 members (there are currently 10) who rotate in three-year terms. New members include Kevin Morooney from Penn State and Chris Shillum from Elsevier. Tracy Mitrano from Cornell was asked to serve an additional three-year term because of her legal expertise. In addition, Norma Holland is the ex-officio member from EDUCAUSE.
Kevin Morooney commented that InCommon appears to be entering a time of growth and change. During this time, success will be a function of InCommon participants communicating strongly with the steering committee as they discuss membership requirements, the federation's economic model and the incentives and disincentives for joining.
**Technical Advisory Committee (TAC)**
The InCommon Technical Advisory Committee provides recommendations relating to the operation and management of InCommon with respect to technical issues. R.L. "Bob" Morgan said that the TAC has spent a great deal of time on InCommon's identity assurance framework, including the Silver level of assurance, which is now available on the wiki for comment here.
The TAC is also working on a new way to present attributes at the time of authentication, which should help in leveraging a number of applications. This is somewhat complicated and ties in with how the IdP manages its information. manage info. What will be useful for applications - varies app to app.
The group discussed various issues related to federations built on top of InCommon and interfederating with state-based federations.
The University of Texas system has developed a federation, separate from InCommon, that provides access to a number of applications for faculty, staff and students at UT campuses. There have been preliminary discussions about interfederating with InCommon and both sides are interested.
The University of Washington is involved in discussions with the community colleges and technical colleges in the state, with particular interest in single sign-on capability. There may also be interest among the group in accessing resources from outside of the system.
Brown's Women Writers Project has been working for more than 15 years to build an electronic collection of early women's writing, and on researching the issues involved in representing early printed texts in digital form. The project has been approached about joining the U.K. federation, which leads to questions about interfederating among national federations. For example, Is there an easier way to facilitate federating such projects without a university having to join multiple federations?
There is interest in federation from many fronts in North Carolina. The state has 17 public universities and colleges, 58 community colleges, 38 independent colleges and 115 K-12 school districts. All have expressed some interest in federating. Some state government units and libraries have also shown interest. By August, all University of North Carolina campuses will have Shibboleth installed and the UNC system is looking at a state federation.
The California State University system has just completed the approval process to federate and staff members are doing a detailed analysis of implementations timelines and costs. CSU includes 23 campuses and 450,000 students. CSU will build its CSUConnect federation on top of InCommon, using the UCTrust federation (University of California system) as a model.
UCTrust includes 10 campuses, the Office of the President and national labs associated with the UC system. The current timetable calls for all campuses to have joined UCTrust and InCommon by the end of 2008. UCTrust is working on policy and procedures that would be consistent with the InCommon Silver level of assurance.
The University of Chicago is in discussions about federating with the Fermi National Accelerator Lab and the Argonne National Lab, both of which are affiliated with Chicago.
MIT is rolling out Shibboleth and is about to join InCommon. MIT is also discussing the possibility of developing a generic IdP to accommodate those who do business with the university but do not currently have an ID from another IdP. There may be a possibility here for an InCommon working group to study this issue.
In Ohio there is some discussion about establishing a state university system, encompassing all of the state-assisted universities (which are currently independent). A natural by-product would be a federation. This may be another opportunity to build a state federation on top of InCommon.
The Great Plains Network is pushing forward to establish an IdP and to join InCommon as a way to help its members see the value of federating.
Bob Morgan reported that the interoperability of the SAML 2 protocol seems to be much better than SAML 1, leading to hope for a much more interoperable future. Shibboleth 2.0 supports both SAML protocols and the SAML metadata allows you to specify which protocol you are using.
There are some SP deployments that use only SAML 2 and InCommon will soon support that protocol, which should bring such SPs into the federation.
In the meantime, Scott Cantor asked for feedback from site administrators on the types of functionality and interfaces they would like as the federation begins supporting SAML 2. The current discussion is to provide a straight editing interface that would allow administrators to edit their own metadata.
There was a discussion about the role of InCommon in discussions about K-12 participation in the federation. The operation of IdPs for K-12 entities, and whether aggregation of several districts into one regional or state-wide IdP would make sense. This will be one of the topics to be discussed at the Federation Soup meeting, discussed below.
**Federation Soup Meeting**
Federation Soup will take place in Seattle, June 2-4, 2008. The concept is to begin charting a course as the demands for federations increase. K-12 involvement is one topic, along with state governments, the U.S. government, and interfederating with other national federations.
**Potential Sponsored Partners**
Renee Shuey reported working with a provider of alcohol education services (alcoholEDU) that is not a member of InCommon but has contracts with a number of InCommon participants. John Krienke pointed out that the InCommon Collaboration wiki has a page where InCommon IdPs can list vendors that may be candidates for federating. He encouraged attendees to add their information to the wiki here.