Blog from April, 2012

IAM Online - Wednesday, May 9, 2012

3 p.m. ET / 2 p.m. CT / 1 p.m. MT / Noon PT
www.incommon.org/iamonline

The Emerging Legal Framework for Identity and Access Management

This session will explain the legal issues raised by identity management, including liability and privacy. It will explore how existing laws and regulations govern identity management activities, and identify the legal barriers that such laws create. Then, building on the ongoing work of the American Bar Association Identity Management Legal Task Force, it will explain how a private contract based legal framework can be constructed to address the requirements for a trustworthy identity system. It will also examine the impact of the proposed NSTIC identity system framework on this process.

Speaker: Tom Smedinghoff, partner at Edwards Wildman Palmer LLP, and chair of the American Bar Association Identity Management Legal Task Force

Moderator: Chris Holmes, Assistant General Counsel, Baylor University, and member of the InCommon Steering Committee

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline.

About IAM Online

IAM Online is a monthly online education series including essentials of federated identity management, hot topics from the EDUCAUSE Identity and Access Management Working Group, and emerging topics in IAM. Experts provide overviews, answer questions and lead discussions. IAM Online is brought to you by InCommon in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group.

Internet2 has bestowed its 2012 Presidents Award to R.L. "Bob" Morgan, co-chair of the InCommon Technical Advisory Committee, chair of the Middleware Architecture Council for Education (MACE), and one of the architects of InCommon. Bob is a senior information architect at the University of Washington. The award recognizes individuals from Internet2's membership for their exemplary service for the benefit of the national and global research and education community.

"Much of the success of the Internet2 middleware work is due to it leveraging the remarkable expertise of the people in the community," said Ken Klingenstein, director of the Internet2 Middleware and Security Initiative. "Among those smart people have been a few who have added wisdom to the mix. And among those precious few wise folks, there has been one who provides the light to it all. That one person is R.L. 'Bob' Morgan."

See the entire release and a few pictures of Bob.

Available now are proposed revisions to the foundational documents of the InCommon Assurance Program. The candidate v1.2 releases of the InCommon Identity Assurance Assessment Framework (IAAF) and the InCommon Identity Assurance Profiles (IAP) are open for community comment now through 5pm ET May 7, 2012. Please see:

The revisions to the IAP primarily address the US Government need for rapid ubiquitous deployment of Bronze. Updates to the IAAF clarify audit reporting.

Community Discussions have been scheduled:

Thursday April 19 Noon ET - Introduction to the release candidates

Wednesday May 3 Noon ET - Monthly Assurance Call: Final discussion on release candidates

  • To participate in the conversation, also dial in: 734-615-7474 or 866-411-0013, PIN 0113802#.

Thank you

The community wishes to thank the schools that have been working on these updates – the Committee for Institutional Cooperation (CIC)'s Silver Audit team, which includes the Big Ten plus the University of Chicago, along with the University of Washington and Virginia Tech. The University of California schools have also been engaged in providing audit feedback. We also wish to thank the review committee for updates to the framework and accompanying profiles, and the auditor representatives on the Assurance Advisory Committee for providing guidance for their peers.

General information about the Assurance program can be found at assurance.incommon.org.

Sincerely,

Mary Dunker, Chair
Assurance Advisory Committee

Jack Suess, Chair
InCommon Steering Committee

Currently a site may have up to two site administrators who manage metadata via a web interface called the Federation Manager. For sites with only a few entities published in metadata, this maintenance process works reasonably well, but for sites with dozens of entities in metadata, this isn't very practical. In the latter case, the site administrators become a bottleneck that prevents the timely management of metadata.

Delegated administration of metadata addresses this issue. The term delegated administration refers to the ability of a site administrator to securely delegate responsibility for administering metadata to another administrator called a delegated administrator, thereby offloading the administration of metadata to a trusted third party.

Delegated administration of SP metadata has been implemented in the Federation Manager and is being tested as we speak. We anticipate giving a live demo at the Spring 2012 Internet2 Member Meeting. In the meantime, the attached screen shot will give you some idea of how easy it is for a site administrator to create a delegated administrator in the Federation Manager.

We think delegated administration is a potential game changer. Using this new feature, a site can now safely and easily manage large numbers of entities in metadata. Instead of creating local tools and processes to manage SP metadata, a site can now use the Federation Manager directly rather than reinventing the wheel. Delegated administration will accelerate the growth of SP entities in InCommon metadata. We are already seeing this happen. We welcome this growth spurt and are scaling our infrastructure to handle the influx. The delegated administration feature is the first step in that direction.

Attachment: delegated-admin-create.png (Creating a delegated administrator), added Apr 09, 2012 by trscavo@internet2.edu

InCommon has approved the first three service providers for the Research & Scholarship (R&S) category: CILogon, the Prototype GENI Identity Portal, and the UW-Milwaukee CGCA Wiki. Service providers eligible for the R&S category include those that support research and scholarly activities such as virtual organizations and campus-based collaboration services.

Participating identity providers (IdPs) agree to release a minimal set of attributes to the R&S category (name, email address, user identifier, and affiliation). This can be done with a one-time modification to the IdP’s default attribute release policy, which applies to the entire R&S category. This provides a simpler and more scalable approach for IdPs than negotiating attribute release individually with every service provider.
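As an added illustration (not part of the original post and not InCommon's own configuration), here is what that one-time policy change looks like in a Shibboleth IdP v2 attribute-filter.xml. The policy matches on the R&S entity attribute that InCommon asserts for each approved SP in its signed metadata aggregate, so the release decision rests on the federation's assertion rather than on anything the SP says about itself. The category value http://id.incommon.org/category/research-and-scholarship is InCommon's published R&S value; the attribute IDs (displayName, givenName, surname, email, eduPersonPrincipalName, eduPersonScopedAffiliation) are assumptions that must match the IdP's own attribute-resolver definitions.

```xml
<!-- Added example: a Shibboleth IdP v2 attribute-filter.xml policy that releases the
     R&S bundle (name, email, user identifier, affiliation) to every SP tagged with the
     InCommon R&S entity category. Attribute IDs below are assumptions; they must match
     the IDs defined in the IdP's attribute-resolver.xml. -->
<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
                        urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd
                        urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">

  <!-- One policy covers the whole category. The requirement rule fires when the
       requesting SP's metadata carries the R&S entity attribute. Because the IdP
       loads the InCommon aggregate with signature verification, only SPs that
       InCommon has approved for the category carry this value. -->
  <afp:AttributeFilterPolicy id="releaseToResearchAndScholarship">
    <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
        attributeName="http://macedir.org/entity-category"
        attributeValue="http://id.incommon.org/category/research-and-scholarship"/>

    <!-- name -->
    <afp:AttributeRule attributeID="displayName">
      <afp:PermitValueRule xsi:type="basic:ANY"/>
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="givenName">
      <afp:PermitValueRule xsi:type="basic:ANY"/>
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="surname">
      <afp:PermitValueRule xsi:type="basic:ANY"/>
    </afp:AttributeRule>

    <!-- email address -->
    <afp:AttributeRule attributeID="email">
      <afp:PermitValueRule xsi:type="basic:ANY"/>
    </afp:AttributeRule>

    <!-- user identifier -->
    <afp:AttributeRule attributeID="eduPersonPrincipalName">
      <afp:PermitValueRule xsi:type="basic:ANY"/>
    </afp:AttributeRule>

    <!-- affiliation -->
    <afp:AttributeRule attributeID="eduPersonScopedAffiliation">
      <afp:PermitValueRule xsi:type="basic:ANY"/>
    </afp:AttributeRule>
  </afp:AttributeFilterPolicy>

</afp:AttributeFilterPolicyGroup>
```

Keep this policy limited to the minimal bundle; anything an individual SP needs beyond it belongs in a separate SP-specific policy so the category rule stays easy to audit. After the IdP reloads the filter configuration, confirm the effect with the IdP's aacli.sh tool (for example `aacli.sh --principal <user> --requester <R&S SP entityID>`) and check that an R&S SP receives exactly this set and a non-R&S SP receives nothing from this policy.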

The first three R&S services are:

  • CILogon, which provides the NSF research community with credentials for secure access to cyberinfrastructure (CI). The service bridges the identity credentials generated by the nation’s universities, through InCommon, to a certificate for authentication to NSF’s cyberinfrastructure projects.
  • The Prototype GENI Identity Portal, which will bridge InCommon to GENI, the Global Environment for Network Innovations. GENI is a distributed, federated research testbed for computer networking. Network researchers, primarily but not exclusively academic researchers, use it to perform "at-scale" computer network experiments.
  • The UW-Milwaukee CGCA Wiki supports collaborative research efforts in gravitation, cosmology, astrophysics, and astronomy for a number of faculty in the University of Wisconsin-Milwaukee Physics Department, as well as their colleagues throughout the world.

See the InCommon wiki for complete information about the R&S Category.

InCommon has added a number of new features to its dynamic web pages that provide information about all of the services available throughout the InCommon Federation. We hope this increases the value of federation for:

  • Sponsored Partners, by showing more information about the services you provide.
  • users of services, by enabling you to find new federated services.

This version of the Federation Info Pages includes some new pages:

  • a list of all organizations published in Federation metadata
  • for each organization, a list of IdPs and SPs that that organization has deployed

The above pages are in addition to existing Federation Info Pages:

  • lists of all identity providers and services providers deployed in the Federation
  • individual pages for each that include:
    • the organization’s logo
    • names and descriptions of services
    • links for information and privacy statements
    • contact information
    • for service providers, a list of requested attributes.

All of the pages – new and existing – have also been enhanced to include:

  • exclusive use of modal dialogues (instead of popping up new windows)
  • better error handling and reporting (using modal dialogues)
  • a consistent look-and-feel across all pages
  • better browser caching (and therefore faster load times)
  • more technical information per entity on demand

You can access all of these pages by visiting https://incommon.org/federation/info/

If you find missing information for your organization or service, contact your local site administrator to add the appropriate elements to your metadata. In particular, you’ll see a number of service providers listed under “other.” Your administrator can fix that simply by providing a display name in metadata.

You can also visit our FAQ (https://spaces.at.internet2.edu/x/5IOVAQ) for more information.