Building Identity Trust Federations Conference Call
April 20, 2011
1) In Attendance
- Suresh Balakrishnan (University System of Maryland)
- Mark Beadles (OARnet)
- Paul Erickson (University of Nebraska-Lincoln)
- Michael Hodges (University of Hawaii)
- Jim Jacob (OARnet)
- Tim Miller (Wake Forest University)
- Rodney Petersen (EDUCAUSE)
- Tom Piket (Minnesota State Colleges & Universities)
- Chad Rabideau (AegisUSA)
- Steve Thorpe (MCNC)
- Valerie Vogel (EDUCAUSE)
- Ann West (Internet2/InCommon)
- Janet Yarbrough (AegisUSA)
2) Case Study: Using the AegisUSA Federation Appliance (Paul Erickson, University of Nebraska-Lincoln)
- Today’s call featured Paul Erickson from the University of Nebraska-Lincoln, who presented a case study on using the AegisUSA Federation Appliance.
- The University of Nebraska has 3 major sources of user data. They also maintain guests, which are handled at the IdM layer.
- University of Nebraska will be joining the Big 10/CIC in July 2011.
- They implemented the Sun IdM system over spring break this year. It was a major change over their homegrown scripts. They are currently dealing with “fallout” that comes from putting a new system in place and that’s taking a lot of time. Securing SAP and PeopleSoft now.
- In terms of the future, federation is really key for them. On campus, they use single sign on to tie things together. They’re looking to use the InCommon Federation solution for off-campus things. They’ve started to look at the assurance profiles and standards recently.
- They’re an R1 institution and research is a major part of what they do, so they need to do everything they can to support that and allow people to use the resources they need (federation seems like the most responsible way to collaborate and allow researchers to use off-campus resources).
- Currently have federation running with EDUCAUSE. Also federated with NIH and the CIC collaboration resource. With the recent NSF announcement to expand access to InCommon members, they’re hoping to roll something out with this soon, too.
- The local campus has a set of credentials (My UNL), but there are also services provided at the central level (SAP, etc.) and used at other campuses (via True U credentials). Occasionally, there’s confusion among users about whether they should use True U or My UNL credentials to access particular resources. The hope is that they can use federation as a bridge between these two credentials. (At this point, there are probably more political than technical obstacles in terms of addressing this issue.)
- Growing number of applications on campus. Focused on outsourced apps or anything not locally hosted in terms of federation.
- Hoping to see some improvements with BlackBoard.
- Janet: Aegis is seeing a lot of interest in federation and SSO as it relates to federation. UNL has really advanced their environment and Aegis continues to assist with their current implementation. They have a well-developed SSO practice.
- Suresh asked if the other UN campuses are members of InCommon, as well. Paul: They are not yet members. He’s currently trying to bring them into the fold and they’re now interested in joining InCommon. Paul worked with John Krienke to provide the other campuses with info about joining. This is definitely a direction in which they’d like to expand by federating with the other campuses (4 entities – president’s office and 3 additional campuses).
- Most of the work on campus was more political. Establishing practices and policies was probably more difficult than the technical side. Bringing the various sides together and identifying resources was more challenging in terms of the implementation. Any challenges on the innovation side were mostly because they were an early adopter.
- Aegis worked together on the UNL provisioning/deprovisioning. Also starting to work with Paul on doing Bronze/Silver analysis to determine what they need to do in terms of identity proofing, securing credentials, etc. to get to the Bronze or Silver level.
Next Call: May 18