Shibboleth Workshop Series July 16-17, 2012 – Baltimore, Maryland
Identity Provider * July 16, 2012 * 9:00 a.m.-5:00 p.m. (ET)
Service Provider * July 17, 2012 * 9:00 a.m.-5:00 p.m. (ET)
www.incommon.org/educate/shibboleth
Register now for the Shibboleth Workshop Series, July 16-17, 2012, at the campus of UMBC (University of Maryland Baltimore County) in Baltimore, Maryland. (Our next workshops are tentatively set for Gainesville, Florida, on Oct. 22-23.)
Attendance is limited to 44 for each day. Registration will close when capacity is reached or one week prior to the workshop dates.
Have you decided to deploy a web single sign-on (SSO) system and leverage it to access resources and contracted services through InCommon? Do you need training on installation and support?
Consider attending one or both:
• Shibboleth Identity Provider Workshop on July 16, 2012
• Shibboleth Service Provider Workshop on July 17, 2012
The InCommon Shibboleth Identity and Service Provider Workshops will provide you with technical installation and configuration experience with Shibboleth Single Sign-on and Federating Software, version 2.
Developed for organizations new to Shibboleth and those with existing implementations interested in upgrading to the v2 release, the workshops will offer the chance to:
- Install either a prototype Shibboleth identity or service provider in a virtual machine environment.
- Hear tips for configuring and running the software in production.
- Learn about integration with LDAP directories and selected packages.
Audience
Audience includes higher education and partner organization representatives with knowledge of identity management concepts and related implementation experience. Organizations are encouraged to send one or two attendees who best represent the following functions:
- System install, integration, and ongoing support staff
- Campus technology architects
Register Soon
Register today; participation is limited to maintain program quality. Details, including information on transportation and hotels, are available at the workshop website. NOTE: There is a separate registration process and fee for each workshop (IdP and SP). If you wish to attend both days, be sure to register for each.
Resources
To learn more about Shibboleth, see the Shibboleth wiki. More information on federated identity can be found at www.incommon.org.
THIS SHIBBOLETH WORKSHOP SERIES event is sponsored by InCommon, Internet2, and UMBC.
InCommon has approved three additional service providers for the Research & Scholarship (R&S) category: CarmenWiki, at Ohio State, the LIGO CBC Wiki, and the Penn State WikiSpaces. This brings the total number of R&S service providers to six (see the federation info pages for a complete list).
Service providers (SPs) eligible for the R&S category support research and scholarship activities such as virtual organizations and campus-based collaboration services. Participating identity providers (IdPs) agree to release a minimal set of attributes to R&S SPs (name, email address, user identifier, and affiliation). This can be done with a one-time modification to the IdP’s default attribute release policy, which applies to the entire R&S category. This provides a simpler and more scalable approach for IdPs than negotiating attribute release individually with every service provider.
See the InCommon wiki for complete information about the R&S Category.
Internet2’s InCommon trust service has announced reaching the milestone of 400 participants. InCommon provides a secure and privacy-preserving trust fabric for research and higher education institutions, and their partners, in the United States. The total number of InCommon participants has grown from 264 at the beginning of 2011 to 400 today.
“InCommon has demonstrated a consistent pattern of growth since its inception in 2004,” said Jack Suess, chief information officer and vice president for information technology at the University of Maryland, Baltimore County, and chair of the InCommon Steering Committee. “It is especially gratifying to see that we now have over 100 commercial service providers that are leveraging the power of the InCommon Federation. We are especially pleased to see the interest from vendors and campuses interested in the Internet2 NET+ Service program, which requires InCommon participation.”
The Internet2 NET+ Services program provides “above the network” services to Internet2 member organizations, including higher education, government, and industry. The new services are tailored to the needs of the Internet2 community, are cost and administratively effective, and leverage Internet2ʼs 100G network and InCommon trust services.
The 400 participating InCommon organizations include colleges and universities, research organizations, agencies of the U.S. government, and private companies that offer web-based resources and services. Participants can take advantage of four service offerings, including:
- The InCommon Federation, enabling federated identity management, a secure and privacy-preserving method for accessing third-party resources with one set of credentials. The federation now includes 300 organizations with 6 million faculty, students, and staff (https://incommon.org/federation/info/).
- The InCommon Certificate Service, offering unlimited server and personal certificates to the U.S. higher education community for a fixed annual fee. The number of subscribers has reached 163 in just under two years, saving the higher education community more than $1 million by providing a site license model for all of their certificate needs (certificate.incommon.org).
- The InCommon Assurance Program, providing for standards-based identity practices and higher levels of assurance. Nineteen campuses report working on qualifying for the Silver profile (assurance.incommon.org).
- The InCommon multifactor authentication services, providing easy-to-use and low-cost second-factor authentication services and devices (www.incommon.org/multifactor).
For more information, see www.incommon.org
Internet2 and Duo Security have announced a partnership to offer an easy-to-use and low-cost two-factor authentication technology to protect information and access to services on college campuses. Duo’s technology and cloud service leverage users’ mobile phones as a second factor of authentication. Internet2's InCommon trust federation will enroll campuses through its trust services.
“InCommon worked closely with Duo to design a program that we hope changes the perception of second-factor solutions as costly and hard to deploy,” said Jack Suess, chief information officer and vice president for information technology at the University of Maryland, Baltimore County, and chair of the InCommon Steering Committee. “InCommon’s partnership with Duo will also make this low-cost site license well within reach for just about every college or university in the country that wants to expand deployment on campus.”
Colleges and universities that participate in the program can offer their faculty, staff, and students a higher degree of security that comes through the use of a second factor for authentication. Individuals will still supply passwords, but will also use their mobile phone to secure their logins and transactions.
To prove that a login attempt is genuine Duo Security leverages a user’s mobile phone, something almost everyone carries on today’s college campus. When it’s time to log in, the user enters his or her username and password. Then the user receives a notification from Duo via their phone---by smart phone push notification, text message, or phone call. After confirming that the login attempt was intentional the user is logged in. Duo offers a full range of services for those without smart phones, including text messages, phone calls, and hardware tokens (for those without access to a phone).
“We’re thrilled to be working with Internet2 to help us realize our goal of democratizing two-factor authentication,” said Dug Song, CEO of Duo Security. “This partnership will allow millions of students, faculty, and staff to access authentication security that has historically only been available to large businesses with deep pockets and large IT departments.”
The program is open to any higher education institution in the U.S. and takes advantage of InCommon’s trust services. Internet2 members also receive an additional 10 percent discount.
“We recognize that multifactor authentication is a growing risk mitigation resource for the research and higher education community,” said John Krienke, chief operating officer of InCommon. “This is our first step in helping our campus participants achieve the multi-layered security they need at a transformative, site license price.”
More information about the program, which is expected to open in late May 2012, is available at www.incommon.org/duo.
About Duo Security
Duo Security makes two-factor authentication radically easy to deploy, use, and manage. Duo empowers any web, IT, or network administrator to easily protect accounts by leveraging their users’ mobile phones for secondary authentication. Every day, over 500 organizations with users in over 80 countries rely on Duo to secure their logins and transactions. Learn more and try it for free at duosecurity.com.
About Internet2
Internet2® is a member-owned advanced technology community founded by the nation's leading higher education institutions in 1996. Internet2 provides a collaborative environment for U.S. research and education organizations to solve common technology challenges, and to develop innovative solutions in support of their educational, research, and community service missions. For more information, visit www.internet2.edu.
About InCommon
InCommon®, operated by Internet2, serves the U.S. education and research communities, supporting a common framework of trust services, including the U.S. identity management trust federation for research and education, a community-driven Certificate Service, and a multifactor authentication program. The InCommon Federation enables scalable, trusted collaborations among its community of participants. The Certificate Service offers unlimited certificates to the U.S. higher education community for one fixed annual fee. InCommon has 400 participants serving 6 million faculty, students, and staff at higher education institutions and research organizations, as well as their sponsored partners. For more information, see www.incommon.org.
Two-Factor Authentication Ahead for Federation Manager
InCommon is introducing two-factor authentication to protect the Federation Manager, the application site administrators use to update their organization’s metadata. This data is critical to establishing the trust backbone of the InCommon Federation. Although the current login system requires the use of strong passwords, adding two-factor authentication will substantially increase account security. This is in response to a risk assessment of the Federation Manager undertaken by the InCommon Technical Advisory Committee.
InCommon chose Duo Security’s two-factor authentication technology because it leverages mobile phones, devices almost all users already have. To authenticate, a user first types a password and then confirms the login attempt with the Duo Mobile smartphone app. After confirming the login attempt, the user is authenticated. Duo also supports second-factor delivery via text message, phone call, and one-time password tokens.
InCommon Registration Authority administrators are already using Duo two-factor authentication to log into the Federation Manager. Site administrators will begin logging in with a second factor in June. The transition to Duo two-factor is expected to continue throughout the summer. More information about Duo Security is at www.duosecurity.com.