Building Identity Trust Federations Conference Call
April 15, 2009
John Krienke, Internet2/InCommon
Craig Stevensen, WiscNet
Andy Rosenzweig, Merit
Renee Frost, Internet2
Steve Carmody, Brown/Internet2
Gavin Hogan, SUNY
George Laskaris, NJEdge.Net (chair)
Ann West, Internet2
Garret Sern, EDUCAUSE
Mark Scheible, NC State
Steve Thorpe, MCNC
For this month's call we will focus on developing efforts to build a statewide federation in North Carolina and have asked Mark Scheible from NC State University to describe the state's strategies and approaches as well as lessons learned in deploying a statewide federation.
Strategies from North Carolina
Mark Scheible, NC State
- Two federation efforts in NC.
- U of NC system Identity Federation is stand alone, similar to U of Texas.
- NC Trust is pilot that uses InCommon.
- Some members overlap both federations.
- Additional technical challenges in participating in both.
U of NC Federation
- System-wide, with an inter-institutional course application as the first "original" application to use the system.
- Stakeholders primarily 16 universities and citizens.
- Sponsor is the "Online North Carolina systems team" and system president.
- Similar model to the U of Texas.
- Created a certificate authority, signing CSRs, running the metadata.
- UNC provided support by creating Virtual IdPs on separate machines.
- Scripts were supplied to provide backup.
- Future applications include: federation creation and management application; a virtual computing lab; RAMSeS research administration tool.
NC Trust Federation K-20 Pilot
- Based on NCREN which includes public and private participants, including hospitals, state government network
- Later this month all K-12 school districts will be connected to high speed bandwidth via NCREN
- Stakeholders are the entire state educational system
- Current pilot is a limited number of universities (public and private), community colleges and K-12 (plus MCNC and Dept of Public Instruction) plus a few SPs (VCL, NCLive)
- Results of this pilot will produce recommendations on how to create a statewide K-20 ID federation
- High ed participants provide sponsorship for non-higher ed participants
- Benefits of using InCommon - legal and administrative support, Cert authority, InCommon SPs
- Internet2, InCommon and their membership providing support through list serve
- Pilot ends Dec. 2009
- Both had similar challenges: getting organizations to sign the MOU; legal counsels from each institution had issues with the legal contract with InCommon; some technical challenges for smaller schools; the volume of information was overwhelming to some of the participants. Current plan is to work closely with tech staff to get IdPs working properly.
- Last month's presentation from John Chapman from BECTA has good information and some ideas on how to address access issues at the K-12 level, and support from identity providers.
- Virtual computing lab (VCL) is an ideal service provider for the pilot application because its current and future clients include members from the university system, community colleges and K-12. Other applications will include:
- NC Live - searchable collection of periodicals and books
- NC Trust Confluence site (Wiki)
Lessons Learned and Recommendations
- Because we are running a pilot, we may not have done things in the best order or planned as effectively or efficiently as possible.
- Developing high-profile use cases helps get support and exposure.
- Attribute release policy is important, but not critical.
- Making sure tech people are on board to administer program is essential.
- Read what's out there; talk with colleges to see what they are using.
- Consider how to scale into statewide federation.
Will continue the development of inter-federation to help with stakeholders.
Who sponsored K-12 at InCommon?
A. UNC at Chapel Hill
What challenges did you run into with K-12?
A. Student identifiers have been an issue, especially when they transfer from schools. Having an NC identifier for the entire state will allow students to change school districts and eliminate numerous IDs.
This begs the question whether there should be a national identifier, despite the "big brother concerns".
Which communities are you trying to identify during the pilot? Teachers? Students? Other communities?
A. Initial thought is for the students.
How far down will you go with the students having accounts they log-in with?
A. Don't know, but probably varies by school district.
Sounds like this is managed at the LEA level.
A. Varies widely by part of state you are in. (Steve Carmody) Every student in RI is assigned a unique identifier, which is used to track them from one district to another.
Sponsored K-12 with InCommon - how does that work? Is this something new?
A. Basic premise for InCommon participation is higher ed are the gatekeepers and the criteria for being a sponsored partner is that a higher ed institution needs their collaborations to grow in a particular direction. That had not occurred until the NC pilot. No separate MOU, same participation agreement.
Are you planning on putting together a more formal presentation?
A. Yes, at the I2 meeting.
Importance of having a common attribute release policy? Can you address that?
A. Trying to develop one based on the community you are dealing with. Attribute release is something people are looking for recommendations on, and something for which our community needs a few more use cases under our belts.
Chair's Concluding Remarks
Notes having BECTA back on another call. May be worth asking them specific areas we would like them to drill down on. In particular, scalability of K-12 IDPs and how they managed the rollout not only from a technical perspective, but how they manage the users.
Please send us a list of questions to share with BECTA.