Blog from October, 2014

InCommon Seeks Nominees for Steering Committee
Dean Woodbeck (internet2.edu) posted on Oct 17, 2014

InCommon Seeks Nominees for Steering Committee

InCommon is seeking nominees to serve three-year terms on its Steering Committee beginning January 2015. InCommon operates the U.S. identity federation for higher education and its sponsored partners, and operates successful certificate and multifactor authentication services.

The Steering Committee is responsible for overseeing and advising Internet 2 on InCommon's identity services, activities and initiatives. InCommon Steering coordinates its work within the TIER (Trust and Identity in Education and Research) and has representation on the TIER Oversight Committee. Members are selected to represent the broadest community of higher education institutions and its many partners. For a current list of members, please see http://www.incommon.org/about.

InCommon meets once a month via teleconference and twice a year during Internet 2 conferences. Members also serve on one of two subcommittees (Program Subcommittee and External Relations and Governance Subcommittee). Subcommittees meet as needed, on average once or twice a month. Steering Committee meeting notes are posted at: https://spaces.at.internet2.edu/x/SAhOAg

To nominate an individual, including yourself, please send your recommendation to nominations@incommon.org by November 15th. The Steering Committee will consider a broad roster of the highest caliber of candidates for its open seats.

Please distribute this message to your colleagues as appropriate.

Thank you for taking the time to consider the future of your InCommon.

Research & Scholarship Category Identity Providers Reach 100 Mark
Dean Woodbeck (internet2.edu) posted on Oct 17, 2014

Research & Scholarship Category Identity Providers Reach 100 Mark

With the addition of the Weill Cornell Medical College, InCommon now has 100 identity providers supporting the Research & Scholarship (R&S) Category. An Identity Provider that supports R&S releases a minimal set of attributes to all services in the category. Today there are 27 such services. Visit our web site for a complete list of participating identity providers and service providers: https://incommon.org/federation/info/all-sp-categories.html

Research and scholarship activities in higher ed extend beyond the boundaries of the campus and increasingly so do the applications that support collaboration. By making a one-time change to its IdP’s attribute release policy, a campus can leverage federated identity management to allow faculty and researchers to instantly access participating research collaboration services.

To participate, an identity provider configures its attribute release policy to release basic information to the entire R&S category, including person name and email address plus a user identifier that allows for seamless access across various collaboration services hosted at different locations. For details, see: https://spaces.at.internet2.edu/x/aAbvAQ

Benefits include:

  • Convenience for faculty and researchers: they instantly access participating services using campus credentials without administrator involvement
  • Simplifying collaboration: When a research project adds a service to the category, collaboration across participating campuses is immediate
  • Vetted services: InCommon reviews each service application for adherence to the category definition and requirements
  • Time and resource savings: once enabled, there is no additional involvement of IT staff to provision new R&S services

Service providers can apply for R&S designation by completing a simple form at https://spaces.at.internet2.edu/x/Sxb5AQ. An R&S service enhances the research and scholarship activities of some subset of the InCommon community and adheres to a few basic technical requirements.

By adopting R&S, an identity provider greatly simplifies the lives of researchers by providing a minimal set of attributes to an entire category of service providers. Virtual organizations and collaborative services no longer need to negotiate with every identity provider.

Registration Open for Shibboleth Installation Workshops Nov 10-11 in Salt Lake City
Dean Woodbeck (internet2.edu) posted on Oct 15, 2014

Registration Open for InCommon Shibboleth Installation Workshops in Salt Lake City

InCommon Shibboleth Installation Workshop
November 10-11, 2014
www.incommon.org/shibtraining
University of Utah Guest House and Conference Center

Need training on Shibboleth installation? Registration is now open for the next InCommon Shibboleth Installation Workshop, November 10-11, 2014, at the University of Utah in Salt Lake City. Attendees will spend one day installing the identity provider software and one day on the service provider software.

This directed self-paced workshop allows attendees to move through the material at their own speed, while having experienced trainers provide overviews and one-on-one help with the process. The workshops provide technical installation and configuration experience with Shibboleth version 2.x. Attendance is limited to 40 registrants each day.

The workshops will offer the chance to:

  • Install either a prototype Shibboleth identity or service provider in a virtual machine environment.
  • Hear tips for configuring and running the software in production.
  • Learn about integration with LDAP directories and selected packages.

Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff
  • Campus technology architects

For more information and a link to register, go to www.incommon.org/shibtraining.

To learn more about Shibboleth, see the Shibboleth wiki (wiki.shibboleth.net). More information on federated identity can be found at www.incommon.org.

UMBC Achieves Bronze Certification
Dean Woodbeck (internet2.edu) posted on Oct 14, 2014

UMBC Achieves Bronze Certification

The University of Maryland Baltimore County (UMBC) has become the third higher-education organization to become certified for the Bronze Identity Assurance Profile under the InCommon Assurance Program.

UMBC is also the second to use the representation of conformance method to qualify for Bronze certification. Using this simplified approach for Bronze requires no audit; the identity provider attests to compliance by signing the assurance addendum to the InCommon participation agreement.

“UMBC believes Identity management is absolutely essential to campus cyber security, and Bronze and Silver represent consensus best practice in identity management,” said Jack Suess, vice president of information technology and CIO at UMBC. “It is in our interest to utilize these best practices in designing and implementing our identity management processes.”

InCommon developed the assurance program as part of its mission to provide secure and privacy-preserving trust services for its participants. Enabling higher-value, higher-risk services requires increased trust by the organizations that run the identity and cloud services.

InCommon currently has two US-Government approved assurance profiles — Bronze and Silver. Bronze is comparable to the National Institute of Standards and Technology (NIST) Assurance 1 level, which has credential security adequate for basic Internet interactions. Silver, comparable to NIST’s level of Assurance 2, requires proof of identity and has security appropriate for higher-risk transactions.

More information about the assurance program is at assurance.incommon.org.

October 2014 InCommon Update
Dean Woodbeck (internet2.edu) posted on Oct 14, 2014

October 2014 InCommon Update

InCommon has published the October 2014 InCommon Update including these topics:

  1. October IAM Online Features Bronze Assurance
  2. ACAMP and CAMP part of upcoming Technology Exchange
  3. Certificate Service moving to more-secure SHA-2
  4. More campuses adopt Research & Scholarship Category
  5. UMBC Achieves Bronze Assurance
  6. IDM Integration joins Affiliate Program
  7. CSU-Pueblo Latest Quilt/InCommon Pilot
  8. Upcoming Events
    1. Technology Exchange, including CAMP and ACAMP
    2. InCommon Shibboleth Workshop - Salt Lake City
  9. New Participants, Cert Service Subscribers, Duo Subscribers
  10. New Sponsored Partners
IAM Online October 15 - InCommon Bronze and Security
Dean Woodbeck (internet2.edu) posted on Oct 07, 2014

IAM Online – Wednesday, October 15, 2014
2 pm ET / 1 pm CT / Noon MT / 11 am PT
www.incommon.org/iamonline

InCommon Bronze: Security
It’s October. It’s Cybersecurity month, and this IAM Online will feature two case studies from campuses that have implemented the InCommon Bronze Assurance Profile and how that has contributed to their local security strategies.

Join us for the October IAM Online, where two campuses will share case studies for InCommon Bronze Assurance. Bronze, comparable to NIST Level of Assurance 1, provides reasonable assurance that a particular credential represents the same person each time it is used. We’ve listed some links below that provide background information on the Assurance Program in general and the Bronze profile.
Assurance Program: http://www.incommon.org/assurance/
Program components: http://www.incommon.org/assurance/components.html
Bronze profile details: http://www.incommon.org/docs/assurance/IAP.pdf

Speakers:
Todd Haddaway, UMBC
Sharon Welna, University of Nebraska Medical Center
Ann West, Internet2

Connecting
We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline.

About IAM Online
IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information and Security Council.