The InCommon Library Collaboration has released its recommendation for libraries that wish to move away from IP-based access to protected resources and have more fine-grain control of access. The collaboration has recommended a Shibboleth/EZproxy hybrid and has developed a number of resources for libraries to use to explore this option.
Several college and university library IT professionals formed the InCommon Library collaboration to explore methods for fine-grain control of access to licensed resources, leveraging the campus identity management system while accommodating a wide variety of users.
One goal was to move away from IP-address-based authentication. The collaboration tested and recommended a hybrid of Shibboleth (a single sign-on solution for accessing on-campus and off-campus resources) and EZproxy (widely deployed among libraries).
The group also developed best practices, a registry of resources, and organized a method for encouraging library resource providers to join InCommon, adding value for adopting the Shibboleth/EZproxy hybrid solution.
Why the Shibboleth/EZproxy Hybrid?
Libraries face special situations in making online resources available.
- The catalog may be open to all who enter the building.
- Specialized databases may be open to anyone physically in the library.
- Databases may be open to those with university credentials regardless of their physical location.
- Some resources may be open only to students and faculty in a certain field (such as the law school or medical school).
EZproxy is widely used to provide access to off-campus resources. Shibboleth leverages the main campus identity management system, protects user privacy and data security, and provides fine-grained access control.
The collaboration group has collected its resources at the InCommon website, including an overview, documentation for implementing the hybrid, an archived webinar, and presentations.
A greater diversity of colleges and universities are eligible to join the InCommon Federation and benefit from single sign-on secure access to dozens of third-party services.
InCommon, which is operated by Internet2, has announced that it now recognizes accreditation from a much larger range of accreditation agencies - all recognized by the U.S. Department of Education.
"We recognized that our requirements needed to grow along with the organizations that we serve," said John Krienke, chief operating officer of InCommon. "In addition to the regional accrediting agencies we've always recognized, we will accept accreditation from a number of other national and state agencies."
When colleges and universities join InCommon, their faculty, researchers, students, and staff can use one username and password - that issued by the higher education institution - to access on-campus and off-campus services. This improves privacy and security, and provides the convenience of an individual having just one username and password to access many resources. In addition, InCommon participants agree on a common set of policies and procedures, making it much easier to add a new service or partner.
InCommon also offers a certificate service that provides unlimited SSL and, soon, personal certificates to colleges and universities at one low annual fee.
For more information on InCommon and a full list of participants, visit www.incommon.org
************************
About InCommon(R)
The InCommon Federation (www.incommon.org), operated by Internet2, provides a privacy-preserving, secure method for higher education institutions and their partners to offer single sign-on convenience to their faculty, researchers, students and staff. Through InCommon, individuals no longer need to maintain multiple passwords and usernames and online service providers no longer need to maintain user accounts. The educational institution manages the level of privacy and security for its constituents. InCommon also offers the InCommon Cert Service, providing unlimited SSL and, soon, personal certificates to colleges and universities at one low annual fee.
Need training on Shibboleth installation and support? Interested in getting the most out of your InCommon participation? Consider attending one or both of the latest sessions in the Shibboleth Workshop Series, to be held at Lafayette College in Easton, Pennsylvania, and sponsored by InCommon with support from Internet2 and Lafayette College.
The workshops will provide technical installation and configuration experience with Shibboleth version 2.x and were developed for campuses new to Shibboleth and those interested in upgrading to 2.x.
- Install either a prototype identity or service provider in either a Linux (CentOS) or Windows virtual
machine environment (familiarity with Tomcat is very helpful in this training environment). - Hear tips for configuring and running the software in production.
- Learn about integration with LDAP directories and selected packages, as well as advanced topics.
The Identity Provider Workshop will be November 9, from 9 a.m. - 6 p.m. ($335 for InCommon Participants and Internet2 members; $350 for others). The Service Provider Workshop is November 10, 9 a.m. - 6 p.m. ($335 for InCommon Participants and Internet2 members; $350 for others). Please note there is separate registration and a separate fee for each workshop.
Organizations are encouraged to send up to two attendees who best represent these functions: system install, integration, and ongoing support staff; and/or campus technology architects. Details and registration information and links are available at the InCommon website.
Lafayette College is located in Easton, PA, approximately 60 miles west of Newark, NJ, and 60 miles north of Philadelphia, PA. Travel and lodging information is also on the website. A one-page flyer [PDF] is also available.
IAM Online - Thursday, October 14, 2010
Identity & Access Management Working Group Community Update
4 p.m. EDT / 3 p.m. CDT / 2 p.m. MDT / 1 p.m. PDT www.incommon.org/iamonline
Join the EDUCAUSE Identity and Access Management (IAM) Working Group for an update on programs in advocacy, awareness and collaboration. Also hear about the EDUCAUSE implementation of federated identity management.
This month's IAM Online will simulcast the working group's meeting at the EDUCAUSE annual conference in Anaheim, providing an update on the working group's goals, priorities, projects, and volunteer opportunities.
The Identity and Access Management Working Group provides community leadership on topics related to identity and access management, including policies, processes, technologies, and effective practices and solutions that advance adoption within higher education.
Guest Speakers:
Craig Hancock, Senior Programmer/Analyst, EDUCAUSE
Matt Pasiewicz, Manager of Web Development, EDUCAUSE
Moderators:
Christopher Duffy, Chief Information Officer, Peirce College
Linda Hilton, Chief Information Officer, Vermont State Colleges
Connecting
We use Adobe Connect for slide sharing and audio: http://internet2.acrobat.com/iam-online.
For more details, see www.incommon.org/iamonline.
ABOUT IAM Online
IAM Online is a monthly online education series including essentials of federated identity management, hot topics from the EDUCAUSE Identity and Access Management Working Group, and emerging topics in IAM. Experts provide overviews, answer questions and lead discussions. IAM is brought to you by InCommon in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group.
InCommon News - October 4, 2010
In This Issue:
- Going to EDUCAUSE? InCommon and Identity Management Sessions
- Federation Track at Internet2 Member Meeting
- Three Federation Sessions Available via Netcast
- IAM Online, "EDUCAUSE IAM Working Group and Federated Services," October 14
- National Library of Medicine Federates PubMed Service
- IDDY (Identity Management Awards) Accepting Applications for 2011 Awards
- Shibboleth Workshop Series November 9-10
- Day CAMP (Getting Started with the InCommon Federation) Slated Nov. 4-5
- EDUCAUSE Podcast - IAM as an Institutional Challenge
- New Participants
---------------
Going to EDUCAUSE? InCommon and Identity Management Sessions
There are several InCommon and federation-related sessions available at the upcoming EDUCAUSE annual conference in Anaheim. See the highlights here: https://spaces.at.internet2.edu/x/7Qvw
---------------
Federation Track at Internet2 Member Meeting
Speaking of meetings, this year the Internet2 Fall Member Meeting (Nov. 1-4 in Atlanta, Georgia) has a new track: Focus on Federations. You can filter the Member Meeting agenda and see the sessions at http://events.internet2.edu/2010/fall-mm/agenda.cfm.
Three Federation Sessions via Netcast - If you aren't going to the Member Meeting, three of the track sessions will be available via Netcast. The sessions include the InCommon Forum - Policy (Nov. 2; 1:15 p.m. EST), case studies from state networks on cloud services (Nov. 3; 4:30 p.m. EST), and a look at multiple uses of federations (Nov. 4; 10:30 a.m. EST). See the details at https://spaces.at.internet2.edu/x/oIH8
---------------
IAM Online, "Live from EDUCAUSE: IAM Working Group and EDUCAUSE Federated Services"
Thurs., Oct. 14 - 4 p.m. EDT / 1 p.m. PDT
This year's session of the Identity and Access Management Working Group at the EDUCAUSE annual conference will be simulcast with IAM Online. This session will provide an update on the working group's goals and projects, as well as a discussion of EDUCAUSE's implementation of federated identity management. Complete information, including how to join the IAM Online, is at www.incommon.org/iamonline.
---------------
National Library of Medicine Federates PubMed Service
The National Center for Biotechnology Information at the National Library of Medicine, which is part of the National Institutes of Health, has federated its PubMed service, which comprises more than 20 million citations for biomedical literature from MEDLINE, life science journals and online books. Citations may include links to full-text content from publisher websites. When a campus federates with PubMed, individuals can login with their campus credentials and save searches, save collections of data, and take advantage of other personalized services. In addition, while all users can view articles in Pubmed Central, a federated user can choose to display additional full-text articles in journals to which his or her campus has subscribed.
---------------
IDDY (Identity Management Awards) Accepting Applications for 2011 Awards
The Kantara Initiative has announced its fifth annual Identity Deployment of the Year (IDDY) Awards, which will be presented at the 2011 RSA Conference in San Francisco on February 14. The IDDY Awards recognize individuals and organizations for developing and deploying outstanding digital identity management solutions. Applications are being accepted now, and deployers of these technologies are encouraged to participate. See the full announcement at the Kantara Initiative website: http://bit.ly/ajhFVE
---------------
Shibboleth Workshop Series November 9-10
The Shibboleth Workshop Series will offer one-day training sessions for installing, configuring, and running the identity provider and service provider packages. The IdP training will take place November 9, with the SP training on November 10. Both sessions will take place at Lafayette College in Easton, Pennsylvania. For details, including technical requirements and costs, visit www.incommon.org/educate/shibboleth.
---------------
Day CAMP (Getting Started with the InCommon Federation) Slated Nov. 4-5
Day CAMP: Getting Started with the InCommon Federation, will take place November 4-5 in Atlanta, Georgia. The meeting (which runs from 1:30 p.m. November 4 through noon on November 5) will feature technical and management information for higher education institutions looking to access federated services through InCommon. This is immediately following - but separate from - the Internet2 Member Meeting. Details and registration are available at https://spaces.at.internet2.edu/x/kwbw.
---------------
EDUCAUSE Podcast - IAM as an Institutional Challenge
The September EDUCAUSE Now podcast includes an interview with Jens Haeusser, director of strategy at the University of British Columbia, on framing IdM as not just an IT issue, but as an institutional challenge. http://bit.ly/aa8aqg
--------------------
New Participants in September
InCommon added eight participants in September and now has 253 participants (up from 199 at the beginning of 2010). These are the participants that joined in September.
Higher Education
- Florida Atlantic University (www.fau.edu)
- Georgia Institute of Technology (www.gatech.edu)
- Indiana University of Pennsylvania (www.iup.edu)
- Rice University (www.rice.edu)
- Skidmore College (www.skidmore.edu)
- University of Northern Iowa (www.uni.edu)
Sponsored Partners
- Docufide (www.docufide.com)
- Maxient (www.maxient.edu)
--------------------
About Docufide
Docufiee (www.docufide.com) is education's trusted intermediary, providing full-service electronic student records and transcript exchange to more students, K-12 schools and postsecondary institutions nationwide than any other service provider. For the last seven years, Docufide has provided electronic transcript services to record owners (students), record holders (high schools and colleges) and recipients of all kinds. The company has been competitively selected to provide statewide initiatives in 10 states. Its flagship offering, Secure Transcript, currently manages the full service ordering, capture, and secure delivery of student transcripts and supporting admissions documents from over 4,000 high schools and colleges to anywhere, including electronically to over 1,200 colleges.
--------------------
About Maxient
Maxient's Conduct Manager software (www.maxient.com) is a completely customizable, web-based solution for managing all aspects of the student conduct process. In addition to storing conduct records and increasing office productivity, Maxient features tools specifically designed to assist CARE and Behavioral Intervention Teams in working with students of concern. Founded in 2003 by individuals who previously worked in student affairs, Maxient's experience and commitment to the field shows with a product that is highly functional, very intuitive, and budget friendly. Nationwide, more than 140 colleges and universities trust Maxient to provide this mission-critical service.
--------------------
InCommon News is published by the InCommon Federation (www.incommon.org) for its participants and other interested parties. InCommon is an LLC of Internet2. Send feedback or comments to incommon-info@incommonfederation.org.
This newsletter is sent to incommon-announce@incommonfederation.org. To subscribe or unsubscribe, send an email to sympa@incommonfederation.org with one of these messages in the subject: subscribe incommon-announce or unsubscribe incommon-announce. You can also subscribe to the InCommon RSS news feed, which includes this newsletter, by visiting www.incommon.org/contacts.cfm.
If you aren't going to the Internet2 Member Meeting (November 1-4, 2010, in Atlanta Georgia), three of the Focus on Federation track sessions will be available via Netcast. Netcasts are streaming video and are available at no cost. All of the Netcast sessionsare availalbe at no cost and are accessible from one location.
Here are the details of the Focus on Federation sessions.
Tuesday, November 2 (1:15-2:30 p.m. EST)
This segment of the InCommon Forum will focus on policy issues. The InCommon Steering Committee will present a draft 2011 tier/pricing schedule, and will bring forward governance and other policy matters of interest to the community, as we continue to build on the InCommon Future report of 2009. The InCommon Forum is conducted in an informal, working-group-like atmosphere.
Wednesday, November 3 (4:30-5:30 p.m. EST)
Identity and Cloud Services: Case Studies from State Networks
A growing number of state research and education network providers are exploring adding identity and access infrastructure to their suite of services to complement their physical networks. Their goal is to enable their members to have seamless access to community-based and commercial cloud computing and SaaS resources. Join us for a glimpse into what several state network R&E providers are doing in this realm, why they are doing it and what lessons they can share with you.
Thursday, November 4 (10:30-11:45 a.m. EST)
Federations are proving useful at many levels of organizations. Campuses are finding value in building internal federations to accommodate multiple identity providers (such as Engineering and Business Schools, or Alumni associations). Agencies are finding federations help to integrate their labs and facilities, as well as provide for distinctive needs. University systems add layers to InCommon for multi-campus applications. This session will discuss these other uses of federation.