Blog

Introduction to Interfederation Webinar Nov. 16
Dean Woodbeck (internet2.edu) posted on Nov 12, 2015

InCommon Webinar: Introduction to Interfederation

Monday, Nov. 16, 2015
2 pm ET | 1 pm CT | Noon MT | 11 am PT

As you may be aware, InCommon is moving toward interfederation, by joining eduGAIN. This will have an impact on all InCommon participants that make use of the federation

What is interfederation? Why is InCommon participating in eduGAIN? What are the benefits for my organization? What should I consider as I determine whether to participate? We'll answer these and other questions, and provide an overview of interfederation in the context of InCommon and your organization.

Speakers:

Tracy Futhey, Vice President for Information Technology and CIO, Duke University

Scott Koranda, Lead Architect, LIGO (Laser Interferometer Gravitational-Wave Observatory)

Ann West, Associate Vice President Trust and Identity, Internet2

Connecting

We will use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/incommonedugaininformational/

Please note that we have a capacity of 200 seats in the Adobe Connect room. The webinar will be recorded for later viewing.

Back-up Phone Bridge

If you have problems with Adobe Connect or aren’t near your computer, use our back-up phone bridge:

Dial-in:

(734) 615-7474, or

(866) 411-0013 (toll-free in US and Canada)

PIN: 0116480#

Registration Open for Shibboleth Installation Workshop, Feb. 4-5, 2016
Dean Woodbeck (internet2.edu) posted on Nov 11, 2015

Register Now for InCommon Shibboleth Installation Workshop in Durham, North Carolina

February 4-5, 2016
MCNC - Durham, NC
www.incommon.org/shibtraining

Registration is open for the InCommon Shibboleth Installation Workshop, February 4-5, 2016, at the MCNC offices in Durham, North Carolina. This two-day training session covers both the Identity Provider and Service Provider software, as well as some integration issues. The IdP portion of the workshop is based on the new IdPv3.

Shibboleth has changed and we will focus the training sessions on people who wish to learn about and eventually deploy the new version. Those interested in upgrading from v2.x will also find value, but we will mainly cover IdPv3 as an independent topic to ensure we deliver the clearest content possible. Here is what you can expect:

  • A two-day, directed self-paced workshop

  • Hands-on installation of the identity provider and service provider software

  • Experienced trainers providing overviews and one-on-one help 

  • Discussions on configuration and suggested practices for federation

  • Attendance is limited to 40


The workshops will offer the chance to:

  • Install a prototype Shibboleth identity or service provider in a virtual machine environment

  • Discuss how to configure and running the software in production

  • Learn about integration with other identity management components such as LDAP and selected service providers


Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff

  • Campus technology architects


For more information and a link to register, go to www.incommon.org/shibtraining.

To learn more about Shibboleth, see the Shibboleth wiki (wiki.shibboleth.net). More information on federated identity can be found at www.incommon.org.

October 21 IAM Online Features Multifactor Authentication
Dean Woodbeck (internet2.edu) posted on Oct 14, 2015

IAM Online – Wednesday, October 21, 2015

2 pm ET / 1 pm CT / Noon MT / 11 am PT
www.incommon.org/iamonline

Multifactor Authentication: Campus Deployment Case Studies

It’s a hot topic in identity management. It’s a hot topic in security. Campuses are rolling out multifactor authentication (MFA) in the wake of phishing attempts to compromise direct deposit programs and other major security concerns. This webinar will provide an update on community work on MFA interoperability and two campus case studies implementing MFA. Topics include:

  • An update on the InCommon MFA Interoperability working group, which will define requirements for an interoperability profile (https://spaces.at.internet2.edu/x/CY5HBQ)
  • A report from the University of Colorado, which has gone from zero to 34,000 MFA users in six months
  • Information from the University of Texas at Austin on their deployment of a major MFA program with Toopher and is now moving to Duo after the Salesforce buyout of Toopher

Learn about the reasoning and issues involved with these projects, as well as the key questions that were addressed by these large-scale MFA deployments. Find out what to consider, whether you are just interested, or if you face a deployment of a few users or thousands.

Speakers:

C.W. Belcher, University of Texas at Austin
Brad Judy, University of Colorado
Paul Caskey, Internet2/InCommon

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline.

About IAM Online

IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information Security Council (HEISC).

Shibboleth 3.x Identity Provider: Two Campus Case Studies on Implementation
Dean Woodbeck (internet2.edu) posted on Sep 16, 2015

Shibboleth 3.x Identity Provider: Two Campus Case Studies on Implementation

Internet2 Trust & Identity Solution Provider Webinar: Unicon
(formerly known as InCommon Affiliates)
Wednesday, September 23, 2015
2 pm ET | 1 pm CT | Noon MT | 11 am PT

http://internet2.adobeconnect.com/affiliate (slides and audio)

The next InCommon Affiliate webinar, now part of the Internet2 Industry Program, will take place September 23 and feature Unicon and two campus case studies on Shibboleth IdPv3 adoption.

Many higher education institutions have adopted (or are planning on adopting) Shibboleth 3.x Identity Provider (IdP) due to the end-of-life of security patches for Shibboleth 2.x IdP in July 2016. In this webinar, Unicon’s Johnathan Johnson, senior software engineer, will present with representatives from Portland State University and The University of Chicago on each institution’s journey with implementing Shibboleth 3.x IdP.

  • Unicon collaborated with Portland State University to deploy Shibboleth 3.x IDP, utilizing both its SAMLv2 and Central Authentication Service (CAS) protocol support. Unicon also incorporated a Hazelcast backend, to provide a trouble-free shared session service that allows multi-node/High Availability IdP deployment supporting both SAMLv2 and CAS.
  • Unicon worked together with The University of Chicago to forward-port their existing Shibboleth 2.x IDP configuration to 3.x IdP, and built a Docker (container) image of IdP incorporating that configuration allowing for easy deployment of an updated image (and easy rollback if needed).


Presenters

Johnathan Johnson, Unicon, Inc.
Representatives from the University of Chicago and Portland State University

Phone Back-up

Audio will be available via Adobe Connect. There is a dial-in back-up:

734-615-7474, or 866-411-0013
PIN: 0105266#

About Unicon

Unicon, Inc. is a leading provider of IT consulting, services, and support for education technology and works with institutions and organizations to find solutions to meet business challenges. Unicon provides services and support for identity and access management (IAM) solutions including Central Authentication Service (CAS), Shibboleth, and Grouper. Unicon specializes in using open source technologies to deliver flexible and cost-effective systems in the areas of IAM, student success, mobile computing, learning management systems, portals, online video, calendaring, email, and collaboration. Learn more at www.unicon.net.

About the Internet2 Trust & Identity Solution Providers
(formerly InCommon Affiliates)

Internet2 Trust & Identity Solution Providers, formerly known as InCommon Affiliates, are part of the Internet2 Industry Program. These providers offer software, support, integration, and consulting related to identity and access management, and other trust services. You can learn more about this program at www.incommon.org/affiliates.

InCommon Shibboleth Installation Workshop Oct 19-20 in Arlington, Texas
Dean Woodbeck (internet2.edu) posted on Sep 01, 2015

Register Now for InCommon Shibboleth Installation Workshop in Arlington, Texas

October 19-20, 2015
The University of Texas at Arlington
www.incommon.org/shibtraining

Registration is open for the InCommon Shibboleth Installation Workshop, October 19-20, at the University of Texas at Arlington. This two-day training session covers both the Identity Provider and Service Provider software, as well as some integration issues. The IdP portion of the workshop is based on the new IdPv3.

Shibboleth has changed and we will focus the training sessions on people who wish to learn about and eventually deploy the new version. Those interested in upgrading from v2.x will also find value, but we will mainly cover IdPv3 as an independent topic to ensure we deliver the clearest content possible. Here is what you can expect:

  • A two-day, directed self-paced workshop
  • Hands-on installation of the identity provider and service provider software
  • Experienced trainers providing overviews and one-on-one help
  • Discussions on configuration and suggested practices for federation
  • Attendance is limited to 40

The workshops will offer the chance to:

  • Install a prototype Shibboleth identity or service provider in a virtual machine environment
  • Discuss how to configure and running the software in production
  • Learn about integration with other identity management components such as LDAP and selected service providers

Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff
  • Campus technology architects

For more information and a link to register, go to www.incommon.org/shibtraining.

To learn more about Shibboleth, see the Shibboleth wiki (wiki.shibboleth.net). More information on federated identity can be found at www.incommon.org.

New InCommon Working Groups Home Base
Emily Eisbruch (internet2.edu) posted on Aug 25, 2015

Staying on top of what’s happening in the trust and identity world just got easier.  There's a new, simple way to locate information on InCommon working groups, the long- and short-term collaborations where a great deal of key community work gets accomplished. You're invited to visit and bookmark a handy wiki page that serves as a hub for finding InCommon working groups and their associated reports and recommendations.

In addition, if you are a current or prospective working group leader, there are useful tips for Trust and Identity Working Groups Chairs and Flywheels. Please email mw-service@internet2.edu if you have suggestions to enhance the usability of these pages or to link in more resources. Thanks to all of the community members who carve out the time to lead or participate in collaborative working groups.

Join leading identity architects at Advance CAMP within 2015 Technology Exchange
Emily Eisbruch (internet2.edu) posted on Aug 05, 2015

Join leading identity architects and developers from U.S. research and higher education and international and commercial identerati at Advance CAMP (ACAMP), October 4-7, 2015, in Cleveland, Ohio. The overarching goal of ACAMP is to advance the state of the art in federation, access and security, and IAM services for both enterprises and virtual organizations.

Using an unconference format, attendees will determine the agenda and then convene highly focused, collaborative sessions with substantial time for exploration, discussion and determination of some next steps on cutting-edge topics.

This year, ACAMP will be held on Monday and Tuesday (half-day) of the Internet2 Technology Exchange. ACAMP is part of a comprehensive trust and identity schedule during the Technology Exchange:

- Sunday, October 4 - REFEDS (international federation operators)

- Monday and Tuesday (half-day), Oct. 5-6 - Advance CAMP

- Tuesday (half-day) and Wednesday, Oct. 6-7 - CAMP

 

For more information and to register:

https://meetings.internet2.edu/2015-technology-exchange/

 
We hope to see you there!

 

Registration Open - Shibboleth Installation Workshop - Sept. 17-18, 2015
Dean Woodbeck (internet2.edu) posted on Jul 28, 2015

Register Now for InCommon Shibboleth Installation Workshop in Cupertino

September 17-18, 2015
De Anza College - Cupertino, California
www.incommon.org/shibtraining

Registration is open for the InCommon Shibboleth Installation Workshop, September 17-18, at De Anza College in Cupertino, California. This two-day training session covers both the Identity Provider and Service Provider software, as well as some integration issues. The IdP portion of the workshop is based on the new IdPv3.

Shibboleth has changed and we will focus the training sessions on people who wish to learn about and eventually deploy the new version. Those interested in upgrading from v2.x will also find value, but we will mainly cover IdPv3 as an independent topic to ensure we deliver the clearest content possible. Here is what you can expect:

  • A two-day, directed self-paced workshop

  • Hands-on installation of the identity provider and service provider software

  • Experienced trainers providing overviews and one-on-one help
  • Discussions on configuration and suggested practices for federation

  • Attendance is limited to 40


The workshops will offer the chance to:

  • Install a prototype Shibboleth identity or service provider in a virtual machine environment

  • Discuss how to configure and running the software in production

  • Learn about integration with other identity management components such as LDAP and selected service providers


Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff

  • Campus technology architects


For more information and a link to register, go to www.incommon.org/shibtraining.

To learn more about Shibboleth, see the Shibboleth wiki (wiki.shibboleth.net). More information on federated identity can be found at www.incommon.org.

Call for Participation in Multi-Factor Authentication Interoperability Profile working group
Emily Eisbruch (internet2.edu) posted on Jun 16, 2015

Update as of July 2015: Wiki for the MFA Interoperability Profile Working Group is here

================

Colleagues,

On behalf of the InCommon AAC, I would like to invite your participation in a new InCommon Multi-Factor Authentication (MFA) Interoperability Profile working group; the charter is below for your review.  This working group is being initiated based on substantial community interest in the topic of interoperable MFA.

If you are interested in participating, please send an email directly to me (and not the list), indicating your area of expertise and a brief summary of the reason for your interest in participating.  Please send these no later than Friday, June 26, 2015.  Please note the timeline for deliverables and ensure that you are prepared to allocate the appropriate amount of time to this effort.

Sincerely,

Jacob Farmer

Chair, Assurance Advisory Committee

 

InCommon MFA Interoperability Profile Working Group Charter

Mission

The Assurance Advisory Committee (AAC) invites the Community to participate in the InCommon Multi-Factor Authentication (MFA) Interoperability Profile Working Group.  The mission of the working group is to develop and document requirements for creating and implementing an interoperability profile to allow the community to leverage MFA provided by an InCommon Identity Provider.

 

Deliverables

1.  Assemble use cases that will motivate the deliverables of this working group

2.  Develop short list of widely deployed MFA technologies that will be in scope for the profile

3.  Define requirements for and draft MFA Interoperability Profile

4.  Develop and recommend scope and plan for adoption

5.  Present draft in session at Technology Exchange in October 2015

6.  Publish final profile by November 30, 2015

 

Principles

1.  Profile should be constrained to address the articulated need for distributed MFA.

2.  Ability to implement with current technology should be a core design constraint.

3.  Support for this capability should be exposed in the Federation Metadata.

Four Spots Open for Shib Installation Workshop June 23-24, 2015
Dean Woodbeck (internet2.edu) posted on Jun 04, 2015

InCommon and CLAC (the Consortium of Liberal Arts Colleges) are collaborating on an InCommon Shibboleth Installation Workshop at Trinity College in Hartford, Connecticut, on June 23-24. We have four spot available and open to anyone who wants to attend. To register, go to https://service5.internet2.edu/reg/events/shib15-062/registrations

Read on for details on the Shibboleth installation workshop, or see www.incommon.org/shibtraining.

We will focus the training sessions on people who wish to learn about and eventually deploy the new IdPv3. Those interested in upgrading from v2.x will also find value, but we will mainly cover IdPv3 as an independent topic to ensure we deliver the clearest content possible.

  • Two-day, directed self-paced workshop
  • You will install the identity provider and service provider software
  • Experienced trainers provide overviews and one-on-one help
  • Discussions on configuration and suggested practices for federation
  • Attendance is limited to 20

The workshop will offer the chance to:

  • Install a prototype Shibboleth identity or service provider in a virtual machine environment
  • Discuss how to configure and running the software in production
  • Learn about integration with other identity management components such as LDAP and selected service providers

Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff
  • Campus technology architects
June IAM Online Features Three Case Studies in Access Management
Dean Woodbeck (internet2.edu) posted on May 29, 2015

Three Case Studies in Access Mangement

IAM Online – Wednesday, June 10, 2015
2 pm ET / 1 pm CT / Noon MT / 11 am PT
www.incommon.org/iamonline

The June IAM Online will feature three case studies in access management. Hear about a variety of ways that organizations implement Grouper and access management: controlling access to a video streaming service in residence halls, integrating with course management, access to a student portal, and integration with Sharepoint and development of a central authorization management system.

Speakers from Oregon State University, UCLA, and GÉANT (the pan-European research and education network) will share their thoughts and experiences. Hear about business drivers the level of effort involved for deployment and integration, and future plans for these access management deployments.

Speakers:
Erica Lomax, Oregon State University
Andrew Morgan, Oregon State University
Mandeep Saini, GÉANT
Albert Wu, University of California Los Angeles (UCLA)

Moderator: Tom Barton, University of Chicago

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline.

About IAM Online

IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information Security Council (HEISC).

 

Technology Exchange Proposals Due May 21
Dean Woodbeck (internet2.edu) posted on May 14, 2015

The 2015 Technology Exchange will take place October 4-7 in Cleveland, Ohio. This meeting includes a comprehensive Trust and Identity track, with the “unconference”-style Advance CAMP (ACAMP) on Monday and Tuesday morning, then two tracks for CAMP on Tuesday afternoon and Wednesday. Lots of U.S. and International R&E organizations will participate, so it will be a great opportunity for  Identity and Access Management people of all sorts to mix, enjoy, and learn from one another.

The Call for Proposals continues to be open through May 21. See the meeting website for details and guidance.
https://meetings.internet2.edu/2015-technology-exchange/call-participation/

Last year's TechEx in Indianapolis was both popular and informative and we hope you can join us October 4-7 in Cleveland.

May 2015 IAM Online - External Identities: Why and How with Real-World Examples
Dean Woodbeck (internet2.edu) posted on Apr 24, 2015

External Identities: Why and How with Real-World Examples

IAM Online – Wednesday, May 13, 2015
2 pm ET / 1 pm CT / Noon MT / 11 am PT
www.incommon.org/iamonline

Campuses are increasingly turning to external identities as an alternative to "guest" accounts for people who do not have institutional identities, like parents, alumni, external researchers, and continuing education students. This IAM Online will present an overview of the topic, touch on the recommendations from the InCommon External Identities Working Group, then delve into these topics:

  • key business drivers

  • campus experience from UMBC (parents) and Oregon State (trial with Canvas)

  • level of effort required for integration
  • risk assessment and determination
  • legal and privacy policy implications

  • cost-savings from eliminating local guest services


In addition, some campuses have started to look at invitations and account linking. Join us for this interesting and timely IAM Online.

Speakers:

Dedra Chamberlin, CEO, Cirrus Identity
Eric Goodman, University of California Office of the President
Andrew Morgan, Oregon State University
Erica Lomax, Oregon State University
Todd Haddaway, University of Maryland Baltimore County

Moderator: Tom Barton, University of Chicago

How to Connect

Slide sharing and audio: https://nternet2.adobeconnect.com/iam-online

Backup phone bridge for audio:
Dial-in numbers:

(734) 615-7474, or
(866) 411-0013 (toll-free US/Canada)
Access code: 0157272

Trust and Identity at the 2015 Global Summit
Emily Eisbruch (internet2.edu) posted on Apr 07, 2015

The 2015 Global SummitApril 26-30, includes plenty of great content related to trust and identity. To filter the Global Summit program for security and identity sessions, use the track #4 filter to see the track "Cyber Security & Trust & Identity in Education & Research: A Community Built on Trust."   Be sure to click the tabs for Sunday, Monday, Tuesday, Wednesday, and Thursday to get the full picture. 

Below are links to a few of the sessions that may be of special interest to the security, trust and identity community.

Sunday, April 26

Monday, April 27

Tuesday, April 28

Wednesday, April 29

Thursday, April 30

Of course, in addition to track sessions and working meetings, the Global Summit features top keynotes, not to mention crucial hallway conversations and enjoyable social gatherings. 

The 2015 Global Summit Program Committee is chaired by Jack Suess, Vice President and CIO at the University of Maryland, Baltimore County, past chair of the InCommon Steering Committee and a member of the NSTIC Identity Ecosystem Steering Group (IDESG). Bruce Maas, Vice Provost for Information Technology and Chief Information Officer at the University of Wisconsin-Madison, is co-chair.


 

 

April 2015 IAM Online - Improving Security of Identities and Authentication
Dean Woodbeck (internet2.edu) posted on Mar 29, 2015

Improving Security of Identities and Authentication

IAM Online – Wednesday, April 8, 2015
2 pm ET / 1 pm CT / Noon MT / 11 am PT
www.incommon.org/iamonline


A number of U.S. organizations are working to improve the security of identities and authentication, including promoting and expanding multifactor authentication and educating individuals and institutions about staying secure online. The April IAM Online will feature speakers from three of these organizations: the National Cyber Security Alliance, the FIDO (Fast IDentity Online) Alliance, and the National Strategy for Trusted Identities in Cyberspace (part of the National Institute for Standards and Technology).

The National Cyber Security Alliance is conducting a multi-city tour to educate consumers and businesses about multifactor authentication. By enlisting the support of local community leaders, government officials, businesses and universities, local residents are learning first-hand how to better protect themselves online by adding an extra layer of security, which confirms the identity of the user.

The FIDO Alliance was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance develops standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords.

We will also hear highlights from the National Strategy for Trusted Identities in Cyberspace, a White House initiative to work collaboratively with the private sector, advocacy groups, public sector agencies, and other organizations to improve the privacy, security, and convenience of online transactions. NSTIC has funded a number of pilot projects, including the Internet2 Scalable Privacy effort.

Speakers

Kristin Judge, Program Lead, National Cyber Security Alliance
Jeff Shultz, National Strategy for Trusted Identities in Cyberspace (NSTIC)
Brett McDowell, Executive Director, The FIDO Alliance
Stephan Somogyi, Google

Moderator

Theresa Semmens, Chief Information Security Officer, North Dakota State University

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline.

About IAM Online

IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information Security Council (HEISC).