MCNC and InCommon have concluded a six-month proof of concept of the InCommon Steward Program, which allows K-12 school districts and community colleges to take advantage of federated identity. This is a summary of the findings; the full report is available on the wiki.
Under this program, the Steward (in this case MCNC) manages the onboarding of its K-12 and community college constituents, a role typically performed by InCommon staff. InCommon provides training for the Steward, as well as the infrastructure and operational experience of operating a national federation.
The proof of concept validated the virtual team approach and found no significant impacts on the trust model. The organizations found, however, that the mid-year start did not allow for full engagement of the K-12 school districts, and agreed to continue with a six-month business development phase.
MCNC and InCommon operated the proof of concept from December 2016 through June 2017 to develop and test the onboarding and operational processes. Key findings include:
- Operational issues were minimal and communication within the “virtual team” (InCommon and MCNC staff) that managed the onboarding and identity proofing worked well without over-taxing either organization’s resources. A two-day in-person training session involving InCommon and MCNC staff contributed significantly to successful operation.
- There were no significant impacts on InCommon’s trust model during the proof of concept, largely due to prior community outreach and consultation. In fact, the presence of a knowledgeable Steward has improved alignment with recommended operational practices. There was only one operational confusion related to trust that was quickly resolved; training for future Stewards will be improved in this area.
- In general, impacts (positive or negative) of the Steward Program on K-12 have been difficult to observe, due to the timing of the proof of concept late in the school year.
To address the last item above, InCommon and MCNC have initiated a six-month business development phase to further develop the program’s value for K-12 and community colleges, as well as to further develop the program’s business and legal model. MCNC and InCommon will also develop a case study of the Steward Program, including recommendations for other regional networks interested in participating.
InCommon Shibboleth Installation Workshop
November 7-8, 2017
9:00 am - 5:00 pm (ET)
National Institute of Allergy and Infectious Diseases
Conference Center
5601 Fishers Lane
North Bethesda, Maryland 20852
Register at www.incommon.org/shibtraining
Are you interested in learning how to install and configure the Shibboleth SAML SSO/Federation Software? Do you need to upgrade to IdPv3? Would you like to see how the containerized TIER version of the Shibboleth IdP can simplify your installation and configuration?
Join us for the InCommon Shibboleth Installation Workshop November 7-8 at the National Institute of Allergy and Infectious Diseases Conference Center in Bethesda, Maryland. The registration deadline is October 20.
The two-day training covers both the Identity Provider and Service Provider software, as well as some integration issues. We will also introduce you to the TIER (Trust and Identity in Education and Research) version of the Shibboleth IdP, which is delivered via a Docker container and is pre-configured to work well with InCommon. The workshop focuses on installing and deploying IdPv3 and the Shibboleth Service Provider. Here is what you can expect:
• A two-day, directed self-paced workshop
• Hands-on installation of the identity provider and service provider software
• Experienced trainers providing overviews and one-on-one help
• Discussions on configuration and suggested practices for federation
• Attendance is limited to 40
The workshops will offer the chance to:
• Install a prototype Shibboleth identity and service provider in a virtual machine environment
• Gain experience with the Docker container version of the Shibboleth IdP (the TIER version)
• Discuss how to configure and run the software in production
• Learn about integration with other identity management components such as LDAP and selected service providers
Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:
• System install, integration, and ongoing support staff
• Campus technology architects
To learn more about Shibboleth, see the Shibboleth wiki (wiki.shibboleth.net). More information on federated identity can be found at www.incommon.org.