Internet2 Spring 2009 Member Meeting

Sessions of Interest to Incommon Participants

Monday, April 27

3:15 PM - 4:45 PM Shibboleth Working Group Meeting

Russ Beall , University of Southern California
Scott Cantor , The Ohio State University
Steven Carmody , Brown University
Chad LaJoie , SWITCH

This session will present updates and discussion on the Shibboleth project. Topics will include: 1) planned functionality for the next release (v2.2), 2) a demo by SWITCH showing Shib-enabled use of native desktop WebDAV clients, 3) a demo by SWITCH of the uApprove IdP extension allowing user control of attribute release (combined with a new IdP plugin to simplify site management of uApprove), 4) a presentation by USC on their work with a clustered IdP using Terracotta, and maybe 5) some discussion of the relationship between SAML 2 and PAM/GINA plugins.

5:00 PM - 6:30 PM InCommon Forum

This spring's forum will focus on community feedback regarding the future scope of InCommon. The ad hoc InCommon Future group, composed of community members from several Internet2 councils, the InCommon Steering Committee, and others, is charged with developing a three-year plan that recommends InCommon's scope and
activities: who InCommon serves, with what set of services, and how it will implement this next phase, including a governance and financial model. Community input is a critical piece of this process. The forum will focus on a brief
presentation, followed by round-table feedback discussion groups. Internet2 members and InCommon participants are welcome to join and provide feedback.

Tuesday, April 28

12:00 PM - 1:15 PM InCommon 101

Have you heard about federations and the benefits of this method for using your identity management system to authenticate constituents to use third-party resources? This lunch BoF will focus on introductory issues. Bring your questions and we'll discuss federating software, what federations do, the activities of the federation community, how to join InCommon and why, and any other topics that BoF participants find relevant.

1:15 PM - 2:30 PM Federated Cal-Aborations, Sharepoint and Bedework Discussed

Michael Grady , University of Illinois, Urbana-Champaign
Gary Schwartz , Rensselaer Polytechnic Institute

Two Federated environments will be presented. First, the Committee on Institutional Cooperation (CIC), which consists of the Big 10 institutions plus the University of Chicago, have had a SharePoint-based collaboration space to support its numerous standing committees and groups, collaboration efforts, etc. The process and technology behind the CIC use of federated Sharepoint will be presented by Michael Grady. Second, Bedework, an open source enterprise calendaring system in use at many universities in North America and Europe, has been leading the way in the calendaring space for Higher Education and beyond. Bedework has the calendaring distinction of operating in a federated world. Gary Schwartz will present on the current status of Bedework along with current challenges and activity between federation and calendaring.

4:30 PM - 5:30 PM Building on Success: from Identity Federation to Interfederation

Josh Howlett , JANET
Ken Klingenstein , Internet2/University of Colorado
Thomas Lenggenhager , SWITCH
Ian Young , University of Edinburgh

Two successful European Identity federations from Switzerland and the UK report what made them succeed and what to consider when planning a new federation. You'll hear about relevant technical and non-technical issues. What it needs to get interfederation activities moving forward is in the focus of the second part of the session.

Wednesday, April 29

7:30 AM - 8:45 AM Building Identity Trust Federations Within and Across State Boundaries

Richard Greenfield , University of Alaska
George Laskaris , NJEDge.Net

State research and education communities increasingly rely upon a growing variety of online interactions that require the support of multiple authentication systems with multiple user-IDs and passwords. This cumbersome and confusing state-of-affairs increases the risk of fraud, privacy compromise and identity theft. Using federated identity, the service provider's account management burden is significantly reduced and the security and privacy is increased for the participating campus or state entity. Participants from the StateNets and US Higher Education Systems communities are invited to join this birds-of-a-feather to discuss topics in building identity trust federations.

8:45 AM - 10 AM - Collaboration Infrastructure

Heather Flanagan, Stanford University
Frank Pinxt, SURFnet
Niels van Dijk, SURFnet

Two organizations with a strong track record in designing and fielding middleware, SURFnet and Internet2, are working on complementary aspects of a common problem: how to make it easier for groups of collaborators to manage their own access needs across the set of services they rely on. Project leads from each of these organizations will share the latest experience and insight from both sides of the Atlantic.

1:15 PM - 2:30 PM Attributes - The New Frontier

David Chadwick , University of Kent
Ken Klingenstein , Internet2/University of Colorado

With the widening use of federated identity and its ability to pass attributes from an identity provider to a relying party, attention is now turning to frontiers in attribute issues. In the first presentation, David Chadwick will explore the critical area of attribute aggregation, a requirement of many use cases where a relying party needs information from multiple attribute authorities, and demonstrate his implementation of a Linking Service which allows users to aggregate their attributes in private without revealing their various identities to third parties. In the second half, Ken Klingenstein will discuss other emergent areas in this nascent attribute ecosystem, including federated attributes (with common semantics), managing sources of authority, government schema, rich attribute queries, etc.

1:15 PM - 2:30 PM Building Strong K20 Initiatives: NCTrust K-20 Federation Pilot and MAGPI's Collaboration with Kentucky

Susan Lancaster , KyRON (Kentucky Regional Optical Network)
Greg Palmer , MAGPI GigaPoP, University of Pennsylvania
Miko Pattie , Kentucky Council on Postsecondary Education
Tim Poe , MCNC
Mark Scheible , North Carolina State University
Heather Weisse Walsh , MAGPI GigaPoP, University of Pennsylvania

The NCTrust Federation is a pilot project for North Carolina created to explore collaboration and resource sharing for the K-20 organizations throughout the state. It is driven by the need to prevent duplication of state services as a cost saving measure, as well as to provide services broadly throughout the state regardless of the budgets or technical expertise of some of the smaller educational institutions. By initially using InCommon as the trust infrastructure (modeled after the University of California's UCTrust), we were able to bypass that technical hurdle for the pilot. We then selected a few viable participants from the North Carolina K-20 community (4-year public and private universities, 2-year community colleges and K-12 school districts), and are working to give them authenticated, authorized access to a few North Carolina online applications through federated identity management.

The discussion will outline the lessons learned thus far with this project with a look toward future objectives. Working to build a strong K20 Initiative, MAGPI and the Commonwealth of Kentucky have partnered to advance the use of networking technologies within Kentucky educational communities. Now half-way through their 18-month collaboration, members from both organizations are excited to share their partnership model, intended outcomes and current progress. Hear how MAGPI has worked with Kentucky educational agencies to provide mentoring, training, resources, communication tools, programming and support as they build a more robust teaching and learning community that takes advantage of advanced networking applications.

3:00 PM - 4:00 PM Future of InCommon and US Federations

Ken Klingenstein , Internet2/University of Colorado
Jack Suess , University of Maryland, Baltimore County

Internet2 councils, along with the governing InCommon Steering Committee, are meeting through the winter and spring to develop a recommendation for the future service and business plan of the InCommon federation. Leaders from both Internet2 Councils and InCommon governance will be on hand to present the set of draft recommendations and to solicit feedback.