Blog from July, 2014

Working Group Will Focus on Use of External Identities

The InCommon Technical Advisory Committee is forming an External Identities Working Group to address follow-on issues that were identified by the now-completed Social Identities Working Group.

The mission of the External Identities Working Group is to move the community of knowledge towards the goal of making external identities useful and sufficiently trusted in a variety of campus-based use cases. This group is focused on the use of external identities by individuals, rather than an enterprise using an external identity provider as their enterprise IdP.

Specific goals for the External Identities Working Group include:

  • Exploring/developing deployment models for using external identities in a variety of risk profiles
  • Identifying and examining the technical components that are needed to make external identities useful across a broad array of services
  • Exploring the notion of account linking between a campus-issued account and an external account
  • Understanding the differences between external identities and local identities

Membership in the Working Group is open to all interested parties. Members join the Working Group by subscribing to the mailing list, participating in the phone calls, and otherwise actively engaging in the work of the group. The Working Group is expected to complete its work by December 31, 2014. More information is available from the Working Group's wiki space at https://spaces.at.internet2.edu/x/-gTkAg.

If you would like to participate:

  • Subscribe to the working group email list by sending an email to sympa@incommon.org with the following subject line: subscribe external-id (or by visiting the external-id list manager directly at lists.incommon.org).
  • Browse to https://spaces.at.internet2.edu, then log in and make sure your electronic mail address and name are properly set in your profile so we can give you edit access to the wiki space.

Alternative Identity Provider Working Group Aims to Make IdP Deployment Easier

Is your campus making increased use of cloud-based services? Are you caught between the poles of giving people new credentials for every new service, and not knowing where to start on the technical and policy issues related to deploying a federated infrastructure that would allow SSO? Are you interested in accessing this type of framework but have experienced hurdles deploying Shibboleth?

InCommon's Alternative IdPs (Identity Providers) Working Group is seeking to increase participation within InCommon by identifying alternatives for making IdP deployment easier. Examples of such alternatives include outsourcing and alternative technical platforms, such as Microsoft's ADFS. We are looking for representatives who are interested in identifying what the problems are and developing recommendations that would work for them. Examples of problems may be a lack of the technical or staff resources needed to stand up and maintain a locally run IdP, or a management or governance system that presents difficulties.

The Group is also looking for InCommon Affiliates that provide identity services and who have worked with campuses on hosted solutions.

Instead of being focused solely on technical answers, the Group will focus on the implications of pursuing alternative approaches to standing up an IdP. It will also outline the problems a solution solves and what problems it may create.

For more details, please see https://spaces.at.internet2.edu/display/altidp/Home

From there, log into Confluence to see the Group Charter at https://spaces.at.internet2.edu/display/altidp/Alternative+IdPs+Working+Group+Charter

For information on accessing the wiki, see https://spaces.at.internet2.edu/display/IWS/Getting+access+to+the+Internet2+federated+wiki

Join us by sending an email to sympa@incommon.org with the following subject line: subscribe alternative-idp (or visit the alternative-idp list manager directly).

The first meeting will be scheduled soon.

Internet2’s InCommon and XSEDE develop service that provides internationally accepted digital certificates for cyberinfrastructure

Digital certificates accredited by the Interoperable Global Trust Federation (IGTF) are now available to subscribers of Internet2’s InCommon Certificate Service. These certificates enable secure connections between services in XSEDE (the Extreme Science and Engineering Discovery Environment) and other cyberinfrastructure providers, including Open Science Grid and the European Grid Infrastructure.

In contrast to the digital certificates used on web sites, IGTF server certificates secure the distributed computing systems that provide access to supercomputers, data archives, and other research infrastructure. The InCommon IGTF server certificates are an additional option, provided at no additional charge to subscribers, alongside the other certificate types already available. Subscribers should choose the IGTF certificate option when working with IGTF relying parties such as XSEDE.

In October 2012, InCommon and XSEDE members began working together to develop the new InCommon IGTF Server Certification Authority (CA) and obtain the necessary IGTF accreditation to issue internationally accepted digital certificates. Jim Basney led the effort, working closely with Joe St Sauver, who manages the InCommon Certificate Service.

"The new InCommon CA, which provides IGTF server certificates, complements our CILogon CA, which provides IGTF user certificates based on InCommon Federation authentication," said Basney, who is a member of the XSEDE project and a member of the InCommon Technical Advisory Committee.

"Our partnership with InCommon on the IGTF CA service is an example of XSEDE’s continued integration with campus infrastructure," said Randy Butler, XSEDE’s chief security officer. "The InCommon Certificate Service is developed and sustained by active InCommon participants, providing a stable service for national-scale cyberinfrastructure."

"This joint effort with XSEDE has enabled InCommon to develop another service of value to the research community," said John Krienke, director of trust services at Internet2 and InCommon’s chief operating officer. "The InCommon Certificate Service and InCommon Federation together provide an interoperable framework for authentication of users and servers increasingly relied upon for research collaborations."

For more information, visit https://www.incommon.org/certificates/igtf/

About Internet2’s InCommon

InCommon®, operated by Internet2®, serves the U.S. education and research communities, supporting a common framework of trust services, including the U.S. identity management trust federation for research and education, a community-driven Certificate Service, an Assurance Program providing higher levels of trust, and a multifactor authentication program. InCommon has more than 600 participants serving 7 million individuals at higher education institutions and research organizations, and their sponsored partners. Nearly 300 InCommon participants also subscribe to the InCommon Certificate Service (http://www.incommon.org/certificates/subscribers.cfm).

About XSEDE

XSEDE (www.xsede.org) is a virtual organization that provides a dynamic distributed infrastructure, support services, and technical expertise that enable researchers, engineers, and scholars to address the most important and challenging problems facing the nation and world. XSEDE supports a growing collection of advanced computing, high-end visualization, data analysis, and other resources and services. XSEDE is funded by the National Science Foundation.

IAM Online – Wednesday, July 16, 2014

3 pm ET / 2 pm CT / 1 pm MT / Noon PT
www.incommon.org/iamonline

Recipes for Cloud Service Deployment

Federating with cloud services has become a popular trend. Cloud services can benefit your organization, but to make a service deployment successful, it’s essential to follow best practices. The Committee for Institutional Cooperation (CIC) Identity Management Task Force has been working on a cloud services cookbook to provide recipes for successful cloud service deployment. In this IAM Online, we’ll provide an update on the cookbook project, some use cases, and some success stories from those already using the cookbook.

Speakers:
Keith Brautigam, Sr. System Administrator, University of Iowa
Keith Wessel, Identity Management Service Manager, University of Illinois at Urbana-Champaign
Mark Nye, Principal Application Integration Professional, University of Illinois at Urbana-Champaign

Moderator: Keith Hazelton, Sr. IT Architect, University of Wisconsin-Madison

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline.

About IAM Online

IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information and Security Council.