InC-Collaborate Blog from September, 2010

Are you new to InCommon (or considering joining) and beginning to develop next steps? Consider attending Day CAMP: Getting Started with the InCommon Federation, November 4-5 in Atlanta, Georgia.

The meeting will feature sessions covering:

  • The why and what of federations
  • Federating your campus identity management system
  • Participant Operating Practices
  • Case studies from the field
  • Walking through the process
  • Developing your plan

The complete program details are available at the Day CAMP website (https://spaces.internet2.edu/display/DayCAMP).

Online registration is open at http://events.internet2.edu/2010/fall-mm/registrationintro. Please note that, while Day CAMP takes place immediately following the Internet2 Fall Member Meeting in Atlanta, registration and attendance are separate from that meeting. You do not need to be an Internet2 member nor do you have to attend the Fall Member Meeting to participate in Day CAMP. There is a separate registration fee.

Day CAMP is sponsored by the InCommon Federation in cooperation with Internet2.

The Shibboleth development team has announced the release of version 2.2 of the IdP. The upgrade is available at http://shibboleth.internet2.edu/downloads/shibboleth/idp

This release corrects a number of bugs and introduces several new features:

Metadata Provider improvements:

  • Reloading metadata in a background thread now prevents the most common cause of the occasional "pause" users see when they log in.
  • Use of conditional HTTP GETS when pulling metadata from HTTP sites. This can greatly reduce the amount of data pulled and processed over time.
  • Support for HTTP compression, generally reducing network traffic by a factor of 10.
  • Support for HTTP proxies.

LDAP improvements:

  • LDAP result caching can now be enabled, potentially reducing the number of times the IdP needs to go out to the LDAP for attributes.
  • Improved failover capabilities when using multiple LDAP replicas
  • Option to lowercase attribute IDs that come from LDAP (fixes case-sensitivity issues that some sites encountered)

There is also expanded documentation on customizing the login.jsp page, including how to detect and inform users on errors caused by directly accessing this page.

If you upgrade, be sure to follow the upgrade documentation at https://spaces.internet2.edu/display/SHIB2/IdP22Upgrade.

This will be the last major release in the 2.X line. The next major release will be 3.0. The Shibboleth team plans to produce scripts that will upgrade 2.X configurations to 3.X configurations. These upgrade scripts will assume 2.2 configuration files with all deprecated configuration items and notations removed (you'll see warnings in your log when you start up IdP 2.2 that tells you what has been deprecated).

ANN ARBOR, Michigan - September 22, 2010 - Gluu, a company dedicated to making it easier for organizations to implement federated identity, has become an InCommon Affiliate.

InCommon is the U.S. trust federation in higher education and is an operating unit of Internet2. Through InCommon, higher education institutions and their partners offer access to contracted and collaborative services - in a privacy- and security-enhanced method - to faculty, researchers, students and staff. The Affiliate Program provides the research and education community with a way to connect with Affiliate partners, who are able to help build the necessary underlying infrastructure on campus that supports federated access.

"We welcome Gluu's experience in identity management," said John Krienke, chief operating officer of InCommon. "It comes at a time of great growth and interest in federated identity management infrastructure and they provide a key partnership link for higher education participants."

Gluu's Federated Identity Appliance, based on Shibboleth Federated Single Sign-on Software and identity virtualization, is an on-premise or cloud solution monitored 24×7 and supported by Gluu. The appliance includes a web-based dashboard, can be deployed quickly, and addresses all the installation and operational issues of an organizational federated identity service at a predictable annual cost.

"We are excited to participate as an affiliate member of InCommon," said Michael Schwartz, chief executive officer of Gluu. "Higher education institutions are at the cutting edge of federation technology and are setting the bar for scalable, secure solutions that also protect people's privacy. Gluu's goals are mutually aligned with InCommon. Our solutions are focused on providing simplified and scalable access and identity management solutions for new and existing InCommon participants."

For more information about InCommon, as well as a list of current affiliates, go to www.incommon.org/affiliate.

ABOUT GLUU
Gluu is a San Antonio, Texas, based managed service provider. The company's flagship service is the Gluu Federated Identity Appliance. The service offers organizations turnkey management of their federation service. The appliance is based on the Shibboleth open source federation software, XRI identifiers, and Gluu federated LDAP directory services. For more information, visit www.gluu.org.

ABOUT InCommon
The InCommon Federation, operated by Internet2, provides a privacy-preserving, secure method for higher education institutions and their partners to offer single sign-on convenience to their faculty, researchers, students and staff. Through InCommon, individuals no longer need to maintain multiple passwords and usernames and online service providers no longer need to maintain user accounts. The educational institution manages the level of privacy and security for its constituents. For more information, see www.incommon.org.

Going to the 2010 EDUCAUSE Annual Conference in Anaheim? There are several InCommon- and federation-related sessions, including a pre-conference seminar the morning of Tuesday, October 12: "Identity and the Cloud: Preparing Your Campus." The seminar is aimed at those getting started with InCommon.

InCommon will also host a session for campus CIOs interesting in federated IdM, a summary of a recent remote identity proofing survey by the InCommon Student Services collaboration group, and a session about campus-vendor partnerships is developing federated identity.

Detailed information is available at the EDUCAUSE conference website: http://www.educause.edu/E2010/Program/F2F (try filtering for InCommon).

Here are the details.

Tuesday, October 12
8:30 a.m. - noon
Pre-conference seminar - Identity and the Cloud: Preparing Your Campus

Managing security and privacy is an ongoing challenge, compounded by the expanding interest in software as a service and cloud computing. John O'Keefe and Justin Sipher will discuss the value the federation can provide to your campus infrastructure, explain the concept and benefits of participating in InCommon, and cover all of the facets of joining.

Wednesday, October 13
4:30 - 6 p.m.
InCommon and the CIO

Join CIOs from InCommon participants and non-participants alike for an informal session concerning the strategic integration of federated identity management with the campus computing infrastructure.

Wednesday, October 13
4:50 - 6:30 p.m.
Market Research - Aegis USA - Identity and Access Management in Higher Education

InCommon Affiliate AegisUSA is releasing the Aegis Trident Identity Suite for Higher Education at EDUCAUSE 2010 - a new, open standards, enterprise-class identity and access management solution. This session seeks feedback on the overall IAM market as well as requirements and features to enhance Trident IAM for the education community. www.aegisusa.com/trident

Thursday, October 14
1:00 - 1:50 p.m.
IAM Working Group Community Update

The EDUCAUSE Identity and Access Management Working Group provides community leadership on topics related to identity and access management, including policies, processes, technologies, and effective practices and solutions that advance adoption within higher education. This year's session will be simulcast with IAM Online, a monthly series sponsored by the InCommon Federation and will provide an update on the working group's goals, priorities, projects, and volunteer opportunities. It will also feature a discussion of EDUCAUSE's implementation of federated identity management.

Thursday, October 14
4:30 - 5:20 p.m.
The InCommon Federation: What's New in the Community?

Learn more about the InCommon Federation and federated identity management and discuss success stories and lessons learned with your colleagues. Hear the latest news from the Federation, including the new certificate service. Find out how to get help and information about the new service providers.

Friday, October 15
8:00 - 8:50 a.m.
IdM/IAM and Remote Student Services:
Risk Assessment and Identity Management Practices

Most campuses offer personalized remote services; some are considering remote identity proofing practices to support higher security access, but all must assess the institutional risk and level of regulatory compliance. In this session, IT and student service professionals will discuss the link between risk and identity management practices.

Friday, October 15
9:30-10:20 a.m.
Getting Started with Federations: Build or Buy?

Moving to a federated world entails getting your head around new policy implications, business process considerations, and technical implementations. This session will present case studies of campus and vendor partnerships and a checklist of what you need to plan and start your move.

The InCommon Certificate Service will be one of the topics discussed at the upcoming Symposium on Authentication Technologies for Research and Education, October 4 at Texas Tech University. The symposium is co-sponsored by the International Grid Trust Federation (IGTF) and the Open Grid Forum.

The symposium will focus on working solutions in campus security infrastructures that can contribute to solutions for simple but effective provision of strong authentication in research, educational, government and industrial settings.

Paul Caskey and Jim Basney, both members of the InCommon Technical Advisory Committee, will provide information about the Cert Service, which was created by research and higher education to provide unlimited SSL and personal certificates for one annual fee.

Other presentations will touch on InCommon, including a demonstration of CILogon: Campus Authentication to CyberInfrastructure; and a discussion about identity-based services for U.S. Department of Energy national laboratories and their collaborators.

Following the one-day symposium, IGTF and TAGPMA (The Americas Grid Policy Management Authority) will hold two days of meetings in conjunction with the organizations' fifth anniversary.

Details are available at http://bit.ly/8ZPBq6

InCommon News

September 7, 2010

In This Issue:

  • Registration Open for Day CAMP: Getting Started with the InCommon Federation
  • InCommon Cert Service Goes Live
  • InCommon Online Forum - Cert Service - Sept. 14
  • IAM Online, "Working with Sponsored Partners," Sept. 16
  • "Identity and the Cloud" Half-Day Session at EDUCAUSE
  • Gluu Joins InCommon Affiliate Program
  • InCommon Welcomes Scavo as Operations Manager
  • New Participants

---------------
Registration Open for Day CAMP: Getting Started with the InCommon Federation

InCommon has opened registration for Day CAMP: Getting Started with the InCommon Federation, which will take place November 4-5 in Atlanta, Georgia. The meeting will feature technical and management information for higher education institutions looking to access federated services through InCommon. This is immediately following - but separate from - the Internet2 Member Meeting. Details and registration are available at https://spaces.internet2.edu/x/kwbw.

---------------
InCommon Cert Service Goes Live
The InCommon Cert Service went live on August 20. The service provides unlimited certificates for higher education institutions at one low fee. The research and higher education community developed this service for pragmatic reasons (to reduce costs) and innovative reasons (the first real step toward signed email and second-factor authentication). Details on subscribing are at www.incommon.org/cert. There are now 10 participating campuses and systems (including the University of Texas system, which has 15 universities and health centers plus the system office):

University of Alaska
California Institute of Technology
Carleton College
University of California Berkeley
Indiana University
Iowa State University
University of Minnesota
Penn State University
University of Texas System
University of Virginia

---------------
InCommon Online Forum - Cert Service - Sept. 14
The latest InCommon Online Forum will provide an overview of the InCommon Cert Service, including information on how to subscribe and policy issues. The webinar will be held Tuesday, Sept. 14, at 1 p.m. EDT. John Krienke (chief operating officer of InCommon) will provide the overview, then Dedra Chamberlin and Karl Grose, both of the University of California Berkeley, will address questions and issues related to implementation. UC Berkeley piloted the service and has the first implementation up and running. See the details, including information on how to join the online forum, at http://www.incommon.org/forum/.

---------------
IAM Online, "Working with Sponsored Partners," Sept. 16
The next IAM Online (Thursday, Sept. 16, at 1 p.m. EDT) will focus on working with InCommon service providers. Speakers John Harwood (Penn State) and Paul Caskey (University of Texas System) will look at the federated services available and provide tips on strategies for extending your federated reach and bringing new vendors into the federation. Complete information, including how to join the IAM Online, is at www.incommon.org/iamonline.

---------------
"Identity and the Cloud" Half-Day Session at EDUCAUSE
A half-day preconference session at EDUCAUSE - "Identity and the Cloud: Preparing Your Campus" - will focus on understanding InCommon and federated identity management and understanding the value proposition for joining InCommon. The session will be held Tuesday, October 12. Presenters include John O'Keefe (Lafayette College), Justin Sipher (Skidmore College) and Ann West (Internet2/InCommon). For more information, see the EDUCAUSE website (http://bit.ly/cdwbXz)

--------------------
Gluu Joins InCommon Affiliate Program
Gluu, a federation service provider, has joined the InCommon Affiliate Program. This program connects higher education institutions and their federating partners with commercial or non-profit organizations that provide software, content, guidance, support, and implementation and integration services related to participating in the federation (www.incommon.org/affiliate).

ABOUT GLUU: Gluu (www.gluu.org) makes it easier for organizations to implement federated identity. Gluu's Federated Identity Appliance, based on Shibboleth and identity virtualization, is an on-premise solution monitored 24×7 and supported by Gluu. Once deployed, federating with new service providers (relying parties) can be accomplished using Gluu's web-based dashboard. The Federated Identity Appliance, by mapping identity data from existing data stores, can be deployed quickly, and addresses all the installation and operational issues of an organizational federated identity service at a predictable annual cost. The Federated Identity Appliance can be deployed as on-premise hardware or a cloud VM instance.

--------------------
InCommon Welcomes Scavo as Operations Manager
Tom Scavo has joined InCommon as operations manager, responsible for managing day-to-day technical operations of the federation and trust services. He moves to InCommon from the National Center for Supercomputing Applications, where he was manager of the Virtual School of Computational Science and Engineering. He has also been a member of the OASIS Security Services (SAML) technical committee

--------------------
New Participants in August
InCommon added five participants in August and now has 246 participants (up from 199 at the beginning of 2010). There are the participants that joined in August.

Higher Education

  • University of Central Florida (www.ucf.edu)
  • East Carolina University (www.ecu.edu)
  • University of Hawaii (www.hawaii.edu)

Sponsored Partners

  • Alexander Street Press (www.alexanderstreet.com)
  • IEEE (www.ieee.org)

--------------------
About Alexander Street Press
Alexander Street (http://www.alexanderstreet.com) is an electronic publisher of award-winning online collections in the humanities and social sciences totaling many millions of pages, audio tracks, videos, images, and playlists. Through building high-quality collections across the humanities, Alexander Street provides unique resources for scholarship — in literature, music, women's history, black history, psychological counseling and therapy, social and cultural history, drama, theater, film, and the performing arts, religion, sociology, and other emerging areas.

--------------------
About IEEE
IEEE (Institute of Electrical and Electronics Engineers) (www.ieee.org) is the world's largest technical professional association dedicated to advancing technological innovation and excellence for the benefit of humanity. With over 395,000 members in over 160 countries, IEEE members are engineers, scientists and allied professionals whose technical interests are rooted in electrical and computer sciences, engineering and related disciplines. IEEE publishes nearly a third of the world's technical literature in electrical engineering, computer science and electronics. IEEE journals are consistently among the most highly cited in electrical and electronics engineering, telecommunications and other technical fields. IEEE publications are available to academic institutions, corporations and government agencies around the world via the IEEE Xplore® Digital Library (http://ieeexplore.ieee.org/Xplore/guesthome.jsp), which provides access to more than 2.5 million full-text documents comprising IEEE journals, transactions, magazines, letters, conference proceedings and standards.

--------------------
InCommon News is published by the InCommon Federation (www.incommon.org) for its participants and other interested parties. InCommon is an LLC of Internet2. Send feedback or comments to incommon-info@incommon.org.

This newsletter is sent to incommon-announce@incommonfederation.org. To subscribe or unsubscribe, send an email to sympa@incommon.org with one of these messages in the subject: subscribe incommon-announce or unsubscribe incommon-announce. You can also subscribe to the InCommon RSS news feed, which includes this newsletter, by visiting www.incommon.org/contacts.cfm.

IAM Online - Thursday, September 16, 2010

1 p.m. EDT / Noon CDT / 11 a.m. MDT / 10 a.m. PDT
www.incommon.org/iamonline


Working With Sponsored Partners

Looking to discover the range of federated services available through InCommon? Need some tips on how to work with Sponsored Partners to maximize the value of your InCommon participation? Tune in to the next IAM Online, "Working with Sponsored Partners," to help make the most of InCommon.
This IAM Online will look at the services available and the most common pushbacks when it comes to convincing your vendors of the need for federated identity management. Two seasoned vets will discuss commonly encountered objections and how they overcome such objections.
Guest Speakers:

Paul Caskey, Technology Architect for the University of Texas System and a member of the InCommon Technical Advisory Committee

John Harwood, senior director of Teaching and Learning with Technology, Penn State University

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.acrobat.com/iam-online.

For further connection details, including a back-up dial-in conference call number for listening if you are away from your computer, see www.incommon.org/iamonline.

ABOUT IAM Online


IAM Online is a monthly online education series including essentials of federated identity management, hot topics from the EDUCAUSE Identity and Access Management Working Group, and emerging topics in IAM. Experts provide overviews, answer questions and lead discussions. IAM is brought to you by InCommon in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group.


Day CAMP: Getting Started with InCommon

Atlanta, Georgia * November 4-5, 2010 * www.incommon.org/camp


Registration for Day CAMP: Getting Started with InCommon is now open at https://spaces.internet2.edu/display/DayCAMP.

Are you thinking about joining the InCommon Federation, but want to know more about what's involved? Have you just become a participant and beginning to develop next steps?

Consider attending Day CAMP: Getting Started with the InCommon Federation.

The meeting will feature technical and management information for higher education institutions looking to run an identity provider to access federated services. Attendees will:

  • Discuss the value proposition.
  • Learn what it takes to begin accessing federated services.
  • Link up with consultants, services, and experienced colleagues
  • Leave with concrete, practical information and a local action plan.

Appropriate for any size school, the meeting offers IT managers and technical implementers the chance to learn more about how to federate through InCommon.

PROGRAM: The complete program will be posted in early September at https://spaces.internet2.edu/display/DayCAMP.

REGISTRATION: Online registration is open at http://events.internet2.edu/2010/fall-mm/registrationintro

Please note that, while Day CAMP takes place immediately following the Internet2 Fall Member Meeting in Atlanta, registration and attendance are separate from that meeting. You do not need to be an Internet2 member nor do you have to attend the Fall Member Meeting to participate in Day CAMP. However, there is a separate registration fee.

RESOURCES: There is a handy guide for getting started with federated identity management available on the InCommon wiki. Look for the Federated Identity Resources Booklet at https://spaces.internet2.edu/x/-wo.

CAMP SPONSORS
CAMP is sponsored by the InCommon Federation in cooperation with Internet2.

InCommon Online Forum: The InCommon Cert Service

Tuesday, September 14, 2010

1 p.m. EDT / Noon CDT / 11 a.m. MDT / 10 a.m. PDT

InCommon has launched a new certificate service, providing unlimited certificates at one low fee. The research and higher education community developed this service for pragmatic reasons (primarily to reduce costs) and innovative reasons (the first real step toward signed email and second-factor authentication).

If you have signed up for the InCommon Cert Service, or are interested in more information, join this InCommon Online Forum webinar "The InCommon Cert Service."

John Krienke, chief operating officer of InCommon, will provide an overview of the service and address policy questions. Dedra Chamberlin and Karl Grose, both of the University of California Berkeley, will address questions and issues related to implementation. UC Berkeley piloted the service and has the first implementation up and running.

Details and background information for the InCommon Cert Service are at www.incommon.org/cert. InCommon is an operating unit of Internet2.


Host:

  • John Krienke, Chief Operating Officer, InCommon

Guest Speakers:

  • Dedra Chamberlin, Manager, CalNet (identity and access management services), University of California Berkeley
  • Karl Grose, programmer/analyst, University of California Berkeley

Connecting

We use Adobe Connect for slide sharing and audio, and we will use the chat function for questions.

http://internet2.acrobat.com/incforum


ABOUT InCOMMON ONLINE FORUM

The InCommon Online Forum is a series of webinars that provide opportunities for presentations with the InCommon Steering Committee, the InCommon Technical Advisory Committee, InCommon collaboration groups, and topics of general interest to the InCommon community.