
Building Identity Trust Federations Conference Call

August 17, 2011

1) In Attendance

  • Suresh Balakrishnan (University System of Maryland)
  • David Bantz (University of Alaska)
  • Mark Beadles (OARnet)
  • Jeanne Blochwitz (University of Wisconsin)
  • Glenn Choquette (Fischer International Identity)
  • Heather Flanagan (Stanford University)
  • Joseph Giroux (California Community Colleges, Chancellor’s Office)
  • Michael Hodges (University of Hawaii)
  • George Laskaris (NJEDge.Net)
  • Dennis McDermott (Fischer International Identity)
  • Greg Monaco (Kansas State University)
  • Benn Oshrin (Internet2)
  • Rodney Petersen (EDUCAUSE)
  • Craig Stephenson (University of Wisconsin-Madison)
  • Jack Suess (UMBC)
  • Steve Tillery (Fischer International Identity)
  • Valerie Vogel (EDUCAUSE)
  • Ann West (Internet2/InCommon)
  • Dean Woodbeck (InCommon/Internet2)

2) Identity Management and Federation Services in the Cloud (Steve Tillery, SVP Engineering and CTO, Fischer International Identity)

  • Today's slides: Identity and Federation Services in the Cloud - Fischer International Identity
  • Abstract: This presentation discusses how Fischer’s identity management technology is being used to enable federation in both public- and private-cloud environments. Fischer will review the integration between Shibboleth and their cloud-based service offerings and their virtual IdP service, show how institutions can participate in federations like InCommon without operating an on-premise federation infrastructure, and review a sample of IAM/federation projects within higher education.
  • Speaker Bio: Steve Tillery directs all product development and engineering activities at Fischer International Identity and is the visionary behind Fischer's cloud-based and on-premise identity management technology. After joining Fischer in 1986, Steve developed many first-to-market solutions including the industry-standard WatchDog security and TAO mainframe collaboration solutions. Prior to joining Fischer, Mr. Tillery held various engineering and engineering management positions at Booz Allen Hamilton, Midwest Stock Exchange and Mobil.
  • Identity as a Service (IaaS) Architecture
    • Services offered from the platform include privileged accounts, role and account management, InCommon solutions, federation/SSO, as well as compliance and audit/reporting.
  • Federation – Shibboleth Integration and Rapid Onboarding
    • Federated infrastructure is not required on-premise.
    • Automated metadata updates.
    • InCommon Affiliate Sponsor – authorized to manage IdP and SP on behalf of client. (Additional bonus/incentive: federation implementation fees waived.)
  • Federation – IdP Services for special groups
    • For groups requiring a special entity ID (e.g., research grants, visiting faculty, campus events/seminars). Doesn’t require installing or operating another instance of Shibboleth.
  • Can this integrate with an existing Shibboleth or IdP? Would it allow for cooperation between several institutions (e.g., a research grant with shared resources across several institutions)? Fischer can work with other institutions already running a federated infrastructure.
  • Sample Federation Deployments
    • Cloud Based Federation Infrastructure – user credentials are managed on the IaaS platform and stored in the cloud.
    • On-Premise Federation Infrastructure – IaaS portal is federation-enabled; no local credentials stored in the cloud.
    • Private Cloud Infrastructure – Fischer Suite located in a private cloud with other resources. Single sign-on into all resources available (not just the Fischer product). Access for InCommon and non-InCommon members.
  • Security – moving from on-premise to the web. The secure channel can be encrypted with PKI and SSL. Traffic between users in your organization and the self-service portal is secured with SSL.
  • Besides PeopleSoft, is Fischer integrating with other ERP systems (e.g., Banner)? They have a Banner connector. They also have connectors for Moodle, Zimbra, Google, Blackboard and a number of other systems.
  • Fischer’s connector supports the following Google Apps functions:
    • Manage User Accounts:
      - Export, Create, Update, Delete user accounts and nicknames
    • Manage Groups and Group Members:
      - Export, Create, Update, Delete groups
      - Export, Add, Remove members to or from groups
      - Export, Add, Remove owners to or from groups
    • Password Management
      - Password Reset
      - Enable/Disable User
      - Validate User
      - Authenticate (Password Kiosk, Forgot Password, Self-Claiming)
  • Please contact Steve Tillery or Dennis McDermott with additional questions.

Next Call: September 21
