Blog from June, 2011

InCommon has added a new discussion list for those interested in the InCommon Assurance Program (also known as Bronze and Silver Identity Assurance Profiles). The list will serve as a place for InCommon participants to pose questions and answers about the Assurance program itself, including requirements and compliance, as well as have discussions about individual campuses and groups of campuses working to adopt Bronze and Silver.

The Identity Assurance program provides a set of standards for best practices in identity management. Some online services, such as those related to financial aid and managing federal research grants, will require higher levels of assurance. Some federal government agencies plan to offer these services in Fall 2011.

To subscribe to this discussion list, send email to sympa@incommon.org with this in the subject line: subscribe assurance.

For more information about the Assurance program, see www.incommon.org/assurance.

Research organizations, including government labs and virtual organizations, can now join InCommon and take advantage of federated identity management for shared services, scientific collaborations, and other online applications.

“By joining InCommon, scientists at U.S. research facilities and universities can more easily share resources, which will improve collaboration,” said Jack Suess, chair of the InCommon Steering Committee and vice provost of information technology and chief information officer at UMBC. “With the close connection between universities and research organizations, and the growing popularity of virtual organizations, this should be a big boost and time saver for all of our participants.”

This is the third category of organizations now eligible to join InCommon. In addition to research organizations, the 290 participants include higher education institutions and sponsored partners – companies and non-profits that offer web-based resources and services. InCommon is operated by Internet2 and provides a suite of trust services for the U.S. education and research communities.

Particular interest and motivation came from the Science Identity Federation, a project funded by the Department of Energy Office of Science and organized by the Energy Sciences Network (ESnet) and Lawrence Berkeley National Lab with support from other DOE national labs and facilities.

Fostering collaboration is one of the main objectives of the InCommon Federation. The federation provides a secure and privacy-protecting method for giving individuals access to protected or licensed online resources, such as library databases, multimedia content, research information, collaboration tools, and services provided by government agencies. In a federation, all participating organizations agree on standard policies, practices and technology standards for all interactions, making it easily scalable.

For more information on InCommon and a full list of participants, visit: http://www.incommon.org.


An informational webinar about the InCommon Certificate Service will take place Wednesday, June 29, at 3 p.m. EDT. The program will include a high-level overview from Jack Suess, chair of the InCommon Steering Committee, and we'll hear from two participating institutions.

Unparalleled cost savings is the number one reason to consider the InCommon Certificate Service. Higher education institutions large and small are reporting the ability to issue unlimited certificates for one annual fee with substantial savings. One large state university system, a current subscriber, anticipates annual savings of $325,000, and many large individual campuses report savings of $75,000-$90,000 per year.

You can see additional information about the certificate service and you can register for the webinar today (it's free) and we will send you complete information.

AegisUSA, a leading Identity and Access Management solution provider with extensive expertise in higher education, has renewed as an InCommon Affiliate.

The InCommon Affiliate Program provides the research and education community with a way to connect with partners able to help build the necessary underlying infrastructure that supports federated access.

“We are thrilled to continue our strategic relationship with InCommon to support the federated identity requirements of the higher education marketplace,” said Ralph Armijo, CEO of AegisUSA, “and we are confident in our abilities to quickly and efficiently deploy Shibboleth, CAS, and related IdM solutions in this space. We also look forward to participating in the revised Bronze and Silver certification program updates this year.”

AegisUSA is an identity management and access management solution provider with more than 70 higher education clients. The company’s solutions include TridentHE, the first identity management software suite designed for higher education. Additionally, AegisUSA provides a set of services and products to support the goals of InCommon, including professional services to implement Shibboleth and CAS, and a Federated Identity Appliance for Education.

“We’re pleased that AegisUSA continues to find value in the InCommon Affiliate Program,” said John Krienke, chief operating officer of InCommon. “Their experience in helping colleges and universities implement federated identity management provides a key benefit for our higher education participants.”

For more information, and a list of current affiliates, go to www.incommon.org/affiliate.

ABOUT AegisUSA
Founded in 2004, AegisUSA is a leading provider of Identity and Access Management (IAM) products and services. AegisUSA offers a broad portfolio of cost-effective open standards-based IAM solutions including: Enterprise IAM Suite, TridentHE IAM Suite (focused on Higher Education), and specialized pre-packaged IAM Appliances. Part of AegisUSA’s superior solutions includes employing consistent, standards-based implementation methodologies supporting the entire IAM implementation — not just the software. AegisUSA's technology-enabled methodology delivers a significant reduction in implementation costs and timeframes compared to traditional implementations without AegisUSA. For more information, please visit AegisUSA on the web at www.aegisusa.com.

InCommon News - June 7, 2011

---------------
In This Issue

  • June 15 IAM Online: Grab the Bronze and Silver Ring: Identity Assurance Progress
  • InCommon Supporting New Metadata Elements
  • CAMP Coming June 21-23: Registration Still Open
  • Shibboleth Workshops Slated for July 21-22 in Milwaukee
  • Steering Approves Refined Assurance Documents
  • Certificate Service Offers Client (Personal) Certificates
  • Legacy WAYF Decommissioning Planned for July 6
  • New Participants for June
  • Featured InCommon Affiliate: Aegis USA
  • Featured InCommon Affiliate: Unicon

---------------
June 15 IAM Online: Grab the Bronze and Silver Ring: Identity Assurance Progress
June’s IAM Online webinar will look at the refined documents and the process of achieving Bronze and Silver. Weds., June 15, 3 p.m. ET. www.incommon.org/iamonline

---------------
InCommon Supporting New Metadata Elements
During the week of June 13, InCommon will deploy several new metadata elements aimed at delivering additional information about identity providers and service providers, improving the user experience, and enabling the process of user consent. https://spaces.at.internet2.edu/x/o4mKAQ

---------------
CAMP Coming June 21-23: Registration Still Open
Looking for concrete solutions to your most pressing identity-related challenges? Want to know more about the hot topics in federated identity today? Or just want to get an introduction to federated identity management? Come to CAMP! https://spaces.at.internet2.edu/x/JwBSAQ

---------------
Shibboleth Workshops Slated July 21-22 in Milwaukee
Need training on Shibboleth installation and support? Leave the Shibboleth Workshops with an installed instance of the identity provider and/or the service provider software. www.incommon.org/educate/shibboleth

---------------
Steering Approves Refined Assurance Documents
Version 1.1 of the two foundational documents for the InCommon Identity Assurance Program has been approved, clarifying and updating requirements for complying with Bronze and Silver. www.incommon.org/assurance/

---------------
Certificate Service Offers Client (Personal) Certificates
The InCommon Certificate Service has rolled out client (e.g. personal) certificates. Unlimited client certificates are part of the base package that includes SSL, EV and, soon, code signing certificates. All are available to the higher education community for one fixed annual fee for all domains you own or control. www.incommon.org/cert

---------------
Legacy WAYF Decommissioning Planned for July 6
InCommon rolled out the Discovery Service in February, replacing the old WAYF. A redirect from the WAYF to the DS was installed at that time. That redirect is scheduled to be removed on July 6. You can see the announcement at https://spaces.at.internet2.edu/x/OgBoAQ

---------------
New Participants in May
Higher Education
• Coppin State University
• Santa Barbara City College
• University of Miami

Sponsored Partners
• Benelogic
• Washington Research Library Consortium

---------------
About Benelogic
Benelogic (www.benelogic.com) provides a range of intuitive web-based employee benefits management solutions to save staff, members and organizations time, money, and aggravation. Better decision making, better data entry, better data transfers and better information provide the foundation to strong and straightforward benefit management. Organizations seeking to minimize password fatigue, recentralize, track and manage user authentication leverage our single sign on technology. By combining expertise, flexibility, and technology, Benelogic alleviates the frustrations and challenges of managing employee benefits to directly benefit organizations’ bottom lines.

---------------
About the Washington Research Library Consortium
The Washington Research Library Consortium (www.wrlc.org) was established in 1987 by some of the major universities in the Washington D.C. area to share library collections and information technology in order to enhance the resources available to their students and faculty.
WRLC provides mission-critical services to its member universities:
• information technology supporting library operations and resource-sharing
• access to online resources
• technologies to support digital collections and share campus scholarship, and
• offsite storage to free valuable space in campus libraries.

---------------
Featured InCommon Affiliate: Aegis USA

Founded in 2004, AegisUSA is a leading provider of Identity and Access Management (IAM) products and services. AegisUSA offers a broad portfolio of cost-effective open standards-based IAM solutions including: Enterprise IAM Suite, TridentHE IAM Suite (focused on Higher Education), and specialized pre-packaged IAM Appliances. Part of AegisUSA’s superior solutions includes employing consistent, standards-based implementation methodologies supporting the entire IAM implementation — not just the software. AegisUSA's technology-enabled methodology delivers a significant reduction in implementation costs and timeframes compared to traditional implementations without AegisUSA. For more information, please visit AegisUSA on the web at www.aegisusa.com.

---------------
Featured InCommon Affiliate: Unicon

Unicon, Inc., is a leading provider of IT consulting services for the education market. Unicon works closely with colleges, universities, and corporations to find the best solutions to meet their business challenges. Unicon specializes in using open source technologies to deliver flexible and cost-effective systems in the areas of enterprise portals, learning management systems, identity and access management, online video, calendaring, email, and collaboration. Unicon is a Sakai Commercial Affiliate; an InCommon Affiliate; an Industry Member of Internet2; a Jasig and VMware Partner; an authorized Solution Provider for CAS, uPortal, and VMware; a services partner and reseller of Kaltura, Liferay, and Zimbra; and a Contributing Member of the IMS Global Learning Consortium. For more information, visit: www.unicon.net.

--------------------
InCommon News is published for InCommon participants and other interested parties. InCommon is an LLC of Internet2. Send feedback or comments to incommon-info@incommon.org.

This newsletter is sent to incommon-announce@incommon.org. To subscribe or unsubscribe, send an email to sympa@incommon.org with one of these messages in the subject: subscribe incommon-announce or unsubscribe incommon-announce. You can also subscribe to the InCommon RSS news feed, which includes this newsletter, by visiting www.incommon.org.

InCommon is adding metadata elements that will allow identity providers and service providers to tell each other more about their services and attribute needs so that a whole host of better, easier, more scalable transactions can happen. You can read the background information on InCommon’s overall plans for better attribute management across the federation at https://spaces.at.internet2.edu/x/TRWp

During the week of June 13, InCommon will deploy several new metadata elements aimed at delivering additional information about IdPs and SPs, improving the user experience, and enabling the process of user consent. This is part of a commitment by InCommon to provide new methods for managing attributes with the goal of making federation easier to use and operate.

WHY:

  • improve the user experience by providing a user-friendly name and description of services
  • display user-understandable attribute descriptions to simplify and facilitate user consent
  • provide a means for SPs to communicate required attributes to IdPs in metadata
  • take initial steps toward automated user consent

WHAT:
IdPs and SPs will populate additional metadata elements including:

  • Display Name (required) – a user friendly name for the service
  • Description – a brief (100 character) description of the service
  • Information URL – a link to a service information page
  • Privacy Statement URL – a link to a privacy policy targeted at users
  • Logo URL – a service logo for building graphical user interfaces
  • Requested Attributes (SPs only) – to present to the user on the consent page

For descriptions of the new user interface elements for both SP and IdP administrators, see https://spaces.at.internet2.edu/x/2YGKAQ

Descriptions of the SP-only requested attributes are at https://spaces.at.internet2.edu/x/8YGKAQ

HOW:
Those site administrators who maintain metadata for their organizations will populate these fields via a forms-based interface provided by InCommon.

WHEN:
The new metadata elements will be available for production use during the week of June 13. In the meantime, you can test the new metadata now!

http://wayf.incommonfederation.org/InCommon/InCommon-metadata-test.xml

To view the new metadata elements, search for “UIInfo” and “AttributeConsumingService” in the XML file. If you have the opportunity to test this metadata file in your environment, please do so and let us know what you find out (incommon-admin@incommon.org).
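One way to review an entity in the test metadata for the elements listed above, as an added example that is not InCommon's code: it reads the UIInfo and AttributeConsumingService elements and flags a missing Display Name or a Description over 100 characters. The sample entity, its example.org URLs, and the https check on the URL fields are assumptions made here, not InCommon requirements.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}

# Constructed sample entity (hypothetical SP); not taken from the InCommon metadata file.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">Example Library Portal</mdui:DisplayName>
        <mdui:Description xml:lang="en">Licensed journal access for students and staff.</mdui:Description>
        <mdui:InformationURL xml:lang="en">https://sp.example.org/about</mdui:InformationURL>
        <mdui:PrivacyStatementURL xml:lang="en">http://sp.example.org/privacy</mdui:PrivacyStatementURL>
      </mdui:UIInfo>
    </md:Extensions>
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Example Library Portal</md:ServiceName>
      <md:RequestedAttribute FriendlyName="eduPersonPrincipalName"
          Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
      <md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_entity(xml_text):
    """Return (ui, requested, findings) for a single EntityDescriptor."""
    root = ET.fromstring(xml_text)
    # Collect UIInfo children by local name; with several xml:lang values the last one wins.
    ui = {}
    info = root.find(".//mdui:UIInfo", NS)
    if info is not None:
        for child in info:
            ui[child.tag.split("}")[1]] = (child.text or "").strip()
    # Requested attributes as (name, required) pairs, in document order.
    requested = [
        (ra.get("FriendlyName") or ra.get("Name"), ra.get("isRequired") in ("true", "1"))
        for ra in root.findall(".//md:AttributeConsumingService/md:RequestedAttribute", NS)
    ]
    findings = []
    if not ui.get("DisplayName"):
        findings.append("missing DisplayName (required)")
    if len(ui.get("Description", "")) > 100:
        findings.append("Description longer than 100 characters")
    # Assumption added here: URLs shown to users on login/consent pages should be https.
    for key in ("InformationURL", "PrivacyStatementURL", "Logo"):
        if key in ui and not ui[key].startswith("https://"):
            findings.append(f"{key} is not served over https")
    if root.find(".//md:SPSSODescriptor", NS) is not None and not requested:
        findings.append("SP lists no RequestedAttribute elements for the consent page")
    return ui, requested, findings


if __name__ == "__main__":
    ui, requested, findings = review_entity(SAMPLE)
    print(ui["DisplayName"], requested)
    print(findings)
```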

This rollout is part of our desire to create conditions for better attribute management and to enhance scaling of federated access. As always, we're open to hearing from you about how to continue to improve and add value to the federation.

The InCommon Steering Committee is pleased to announce that it has approved version 1.1 of the two foundational documents of the InCommon Identity Assurance program: the Identity Assurance Assessment Framework (IAAF) and the Identity Assurance Profiles (IAP), also known as InCommon Bronze and Silver.

The InCommon Identity Assurance program will offer InCommon participants a means to certify their identity management practices as being compliant with the provisions defined in the Assurance Profiles. Some service providers, such as those involved in financial aid and managing federal research grants, are looking to better manage their risk by encouraging compliance with the InCommon program. Some federal government agencies plan to incorporate assurance into their services this fall.

“I applaud the InCommon Technical Advisory Committee, and our early adopter campuses, for developing documents that are easier to understand and will provide a clearer path for compliance,” said Jack Suess, chair of the InCommon Steering Committee. “Thanks to the changes and these refined documents, every institution implementing higher levels of assurance will reap the benefits of greatly reduced time and effort.”

The changes in the documents (from the 1.0 versions) are intended to:

  • remove some burdensome outdated requirements and references
  • harmonize terminology
  • clarify requirements
  • separate technical measures from compliance processes

A group of early-adopter campuses from the Committee on Institutional Cooperation (CIC) provided significant input for the changes while working through the assessment process with the v. 1.0 documents. The changes also reflect updated requirements published by the U.S. government’s ICAM (Identity, Credential and Access Management) program. As a result, both government requirements and real-world experience from campuses have been incorporated.

The next IAM Online (June 15 at 3 p.m. ET) will feature a discussion of the new assurance documents and next steps toward implementation of the Bronze and Silver Assurance Profiles. (www.incommon.org/iamonline).

InCommon has published the documents and related support material, including an FAQ and a summary of the changes from v1.0 to v1.1, at www.incommon.org/assurance.

Shibboleth Workshop Series

Identity Provider * July 21, 2011 * 9:00 a.m.-6:00 p.m. (CDT)
Service Provider * July 22, 2011 * 9:00 a.m.-6:00 p.m. (CDT)

University of Wisconsin-Milwaukee * Milwaukee, Wisconsin
www.incommon.org/educate/shibboleth/


Register now for the Shibboleth Workshop Series, July 21-22, 2011, in Milwaukee, Wisconsin.

Have you decided to deploy a web single sign-on (SSO) system and leverage it to access resources and contracted services through InCommon? Do you need training on installation and support?

Consider attending one or both:

  • Shibboleth Identity Provider Workshop on July 21, 2011
  • Shibboleth Service Provider Workshop on July 22, 2011

The InCommon Shibboleth Identity and Service Provider Workshops will provide attendees with technical installation and configuration experience with Shibboleth Single Sign-on and Federating Software, version 2.

Developed for organizations new to Shibboleth and those with existing implementations interested in upgrading to the v2 release, the workshops will offer attendees the chance to:

• Install either a prototype Shibboleth identity or service provider in a virtual machine environment.
• Hear tips for configuring and running the software in production.
• Learn about integration with LDAP directories and selected packages.

AUDIENCE includes higher education and partner organization representatives with knowledge of identity management concepts and related implementation experience. Organizations are encouraged to send one or two attendees who best represent the following functions:

• System install, integration, and ongoing support staff
• Campus technology architects

REGISTER SOON (http://www.incommon.org/educate/shibboleth/registration.html) to reserve a seat. Participation is limited to maintain program quality. For those staying overnight, there is a list of hotels on the workshop website (www.incommon.org/educate/shibboleth). NOTE: There is a separate registration process and fee for each workshop (IdP and SP). If you wish to attend both days, be sure to register for each.

RESOURCES: To learn more about Shibboleth, see shibboleth.internet2.edu. More information on federated identity can be found on the InCommon Federation site: www.incommon.org.

THIS SHIBBOLETH WORKSHOP SERIES event is sponsored by InCommon, Internet2, the University of Wisconsin-Milwaukee, the University of Wisconsin-Madison, and WiscNet.

IAM Online - Wednesday, June 15, 2011

3 p.m. ET / 2 p.m. CT / 1 p.m. MT / Noon PT
www.incommon.org/iamonline

Grab the Bronze and Silver Ring: Identity Assurance Progress

Levels of Assurance (LoAs) have gained higher visibility recently, but what does this mean for your identity management system or current on-boarding processes? Some service providers may roll out applications requiring a higher LoA as early as this fall. In preparation, InCommon has recently refined the requirements for the Bronze and Silver identity assurance profiles (IAPs) to better align with the needs of these service providers and support the diversity of Identity Provider environments.

What will be involved in reaching Bronze or Silver? Which services will require these assurance profiles? Why should your campus care and how can you start to prepare?

Join us June 15, at 3 p.m. EDT, for an IAM Online that will address the InCommon Identity Assurance Program, including Bronze and Silver, and what campuses are doing now to adopt these assurance profiles.

Host and Speakers

Tom Barton (host), Sr. Director – Architecture, Integration and CISO, University of Chicago
R.L. “Bob” Morgan, Sr. Technology Architect, University of Washington
Renee Shuey, Principal Lead – Identity and Access Management, Penn State

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.acrobat.com/iam-online. For more details, see www.incommon.org/iamonline.

About IAM Online

IAM Online is a monthly online education series including essentials of federated identity management, hot topics from the EDUCAUSE Identity and Access Management Working Group, and emerging topics in IAM. Experts provide overviews, answer questions and lead discussions. IAM Online is brought to you by InCommon in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group.