CAMP Program

11:30 am - 6:30 pm

Registration Open (CAMP and Pre-CAMP)

1:30 pm - 5:15 pm

Pre-CAMP Conference
Getting Started with Federated Identity Management

7:30 am - 4:30 pm

Registration Open

8:30 - 8:45 am

Welcome and Introductions
Shel Waggener, Senior Vice President, Internet2

8:45 - 9:25 am

Keynote
Patrick Perry, Vice Chancellor of Technology, Research and Information Systems
California Community Colleges

The 112 California Community Colleges are highly independent.  In pursuit of academic goals, and over the course of their lives, California Community College students may attend several colleges (sometimes attending 2-3 colleges at the same time to get enough classes).  This “swirling” and “come-and-go” behavior creates significant student identity challenges.

Patrick Perry will discuss these challenges and how the California Community Colleges Chancellor’s Office (CCCCO) is tackling this problem to facilitate research for systemic and institution improvement.  In addition, with mandates from the legislature, CCCCO is tasked to implement technology for student success and a common student identity across the largest system of higher ed is the “secret sauce” in making it all work.

9:30 - 10:15  am              

Identity Management and Distributed Services: Challenges and Solutions
Session Moderators: Jacob Farmer, Indiana University; Ann West, Internet2

From library databases to outsourced email, your campus departments and budget officers want to provide better service at a lower cost. And, they look to you to make it all possible with your identity management infrastructure. We'll kick off CAMP with a series of lightning talks, polls, and discussions to set the stage, identify the challenges, and offer up solutions.

Identity Services: Strategy, Governance, Practice
Speakers: Kevin Morooney and Renee Shuey, Penn State

The role of executive sponsorship and organizational governance is important for bringing together awareness and stewardship for identity management practices and support of processes and policies. Join a conversation about one institution’s approach to aligning the components needed to bring executive sponsorship and a governance strategy for Identity and Access Management services.

10:15 - 10:30 am

Refreshment Break

Refreshment Break

10:30 - 11:30 am

The State of Identity Management on Your Campus
Session Moderators: Jacob Farmer, Indiana University; Theresa Semmens, North Dakota State University

This interactive session will lead you through a self-assessment of your identity and access management system. Are you "just starting" or "battle scarred?" This tool will help you identify focus areas as you move toward outsourced or cloud services.

10:30 - 11:00 am
Outsourcing IAM in North Carolina
Speakers: Mark Scheible and Steve Thorpe, MCNC

This session will present the background and the process that resulted in the creation of an Outsourced IAM “Managed Service” and highlight the benefits it brings not just to K-12 but to higher education - particularly at the touch-points between the two. It also connects the earlier K-20 NCTrust federation to current efforts to provide a Regional Federation for North Carolina.

11:00 - 11:30 am
Identity Management in the Cloud
Speaker: Maria Schuett, Capella University

When Oracle announced that it would not support Capella’s legacy Sun IAM platform it became an opportunity to evaluate the current infrastructure. The IAM gap analysis revealed inadequate lifecycle management, inefficient provisioning and de-provisioning processes, limited role provisioning, incoherent IAM environments, inconsistent user experience, and limited integration with its PeopleSoft systems. Capella needed to better manage its identities, but understood the challenges of assembling a team to deploy and manage an IAM infrastructure. The university chose to go with an IAM Cloud solution using Lighthouse Gateway.

11:30 am - 12:30 pm

Lunch

Lunch

12:45 - 1:30 pm                   

Joint Session: InCommon Steering Panel
InCommon Steering is working closely with Internet2 to take on more responsibility for trusted identity in the research and education space. The Steering committee will describe the vision and projects underway and how they are advancing trusted identity and then take questions and comments from the community.

Joint Session: InCommon Steering Panel
InCommon Steering is working closely with Internet2 to take on more responsibility for trusted identity in the research and education space. The Steering committee will describe the vision and projects underway and how they are advancing trusted identity and then take questions and comments from the community.

1:30 - 2:30 pm

Identity Stores, ERPs - Getting the Data into the IAM System
Speakers: Keith Hazelton, University of Wisconsin; Rob Carter, Duke University; Peter DiCamillo, Brown University; Dan Malone, Cal Poly State University

Do you have an ERP system that contains identity data? Do you have different identity stores for students, faculty/staff, and alumni? How do you take data contained in these disparate systems and get it into your IAM system, where you can then feed the outsourced/cloud services? Our panelists will share their solutions for this common problem.

1:30-2:00 pm
memberOf: Box to ERP
Speakers: Clark Trimble and Jared Housh, University of Tulsa

We trace group membership as used by Box file sharing to its indication in the University ERP. Techniques and troubles encountered along the way are presented for Box, Shibboleth, LDAP, Grouper, attribute store, and the ERP data warehouse. Special emphasis is given to synchronization procedures employed between each component. As a result, a holistic view of the University's identity management system is conveyed.

2:00 - 2:30 pm
Synchronizing Active Directory Groups
Speakers: Eric Kool-Brown and Nathan Dors, University of Washington

Institutions with one or more authorization systems may be interested in the areas covered by this project: 1) Event-driven architecture: pros and cons, platforms, and alternatives, 2) Unified authorization: keeping authorization groups synchronized between systems, 3)
Integrating Linux and Windows authorization: AD supports LDAP and Kerberos; could AD be used in addition to or as an alternative to OpenLDAP and MIT Kerberos in your institution?

2:30 - 3:15 pm

Managing Your Service Provider Interactions
Speakers: Brendan Bellina, University of Southern California; Nathan Dors, University of Washington
As you support more and more service providers (both on-campus and off-campus), you may find yourself spending more time resolving problems and troubleshooting, perhaps both policy and technical issues, particularly with external partners. Our panel will discuss how they manage their SP relationships and some of the lessons they have learned over the years.

Lowering Barriers for Distributed Service Integration: The Cloud Service Cookbook
Speakers: Keith Wessel and Mark Nye, University of Illinois at Urbana-Champaign; Keith Brautigam, University of Iowa

Partnering with a new cloud service provider can be complicated and time-consuming. By the time you educate a new cloud vendor about identity management in higher ed, work your existing single sign-on and federation into their model, and integrate their service into your existing campus services, it’s easy to question the value of a cloud service in the first place.

The CIC Identity Management task force is creating a Cloud Service Cookbook to help lower these barriers. The cookbook will explain the IDM landscape in higher ed, propose best practices, and make suggestions from procurement to implementation. It will also document the value of InCommon membership for vendors and how joining InCommon helps simplify cloud integration. This session will show the cookbook and the process that went into creating it. We will discuss how it’s helping the CIC schools and can help other schools and their vendors.

3:15 - 3:30 pm

Break Sponsored by Unicon

Break Sponsored by Unicon

3:30 - 4:30 pm

Outsourcing your IAM or Federated IAM System: Policy and Technical Considerations

You understand the value of an Identity and Access Management system. You see the possibilities of federation. But the staffing levels and dealing with the learning curve just aren't in the cards. While outsourcing of email has become somewhat common, but how about outsourcing identity and access management, and/or federated IAM? Hear the policy and technical pros and cons, and listen to case studies from our panelists and lightning talkers.

3:30 - 4:00 pm
Course Membership Provisioning Using Banner Events
Speakers: Joshua McCurdy and Peter DiCamilllo, Brown University

Campus business systems such as Banner provide data that can be necessary for managing access to services, in addition to supporting campus business needs. This session describes the method Brown University has implemented to provision course group memberships in real time from Banner. Course membership events are detected in Banner, sent over a message bus, and processed to update course groups in Grouper. The Grouper change log then triggers provisioning updates to target systems, such as Canvas and Google Groups, that depend on course memberships. As a result, a student can register for a course in Banner, and have full access to the course site in Canvas and other course resources within minutes.

In the session, we will go into some detail about how the events are processed within Banner, how we use the Grouper change log, and the overall architecture using message buses with Grouper for real time provisioning.

4:00 - 4:30 pm
InCommon TAC: Priorities for 2014

The InCommon Technical Advisory Committe (TAC) will provide one of the regular updates of its work plan and discuss some of the projects that are currently underway. In addition to interest in hearing feedback about current work, the TAC is interested in hearing about current problems as well as suggestions of areas that deserve attention. Most of this work is done in subgroups that draw their membership from the community. The face-to-face environment is expected to provide an opportunity for
active discussion of some of these topics.

4:30 pm - 5:30 pm

Joint Session: Google! Facebook! Can Social Identities Make Your Life Easier?

Do you serve constituents that have an arms-length relationship with your campus? High schoolers applying for admission, for instance? Parents? Community members taking continuing education classes? Oftentimes, portals and other low-risk applications serve these groups, but you have to issue NetIDs and manage the whole credentialing process. Can you have them bring their own credentials, in the form of Google and Facebook IDs? Hear about the community work being done and case studies from early implementers.

Joint Session: Google! Facebook! Can Social Identities Make Your Life Easier?

Do you serve constituents that have an arms-length relationship with your campus? High schoolers applying for admission, for instance? Parents? Community members taking continuing education classes? Oftentimes, portals and other low-risk applications serve these groups, but you have to issue NetIDs and manage the whole credentialing process. Can you have them bring their own credentials, in the form of Google and Facebook IDs? Hear about the community work being done and case studies from early implementers.

6:00 - 7:30 pm

CAMP Reception

CAMP Reception

8:30 - 9:30 am                     

Provisioning and Deprovisioning - Policy Considerations and Case Studies                                        
Session Moderator: C.W. Belcher

As you provide more outsourced and cloud services, granting and removing access becomes more and more important. What are the policy considerations as you look at your process? How do campuses handle guests, affiliated groups, students who attend other institutions, and other specific use cases? We can't provide you with all of the answers, but can get you started on the right questions to address.

8:30 - 9:00
Collaboration as a Service
Speaker: Niels van Dijk, SURFnet

This session showcases various scenarios from The Netherlands where distributed and cloud services were used to facilitate collaborations between institutions.

Scenarios include:

sharing learning platforms between institutions, nationally and internationally;

sharing digital examination tools between institutions;

combining cloud-based and on-premise services;

private cloud document sharing as a collaboration between University Medical Centres.

The presentation will look at the 'business case' for these collaborations, as well as how (inter)federation, groups, attributes and provisioning was used to facilitate these scenarios.

9:00 - 9:30
Enhancing collaboration for researchers across campuses using COmanage
Speakers: Scott Koranda and Marie Huynh, LIGO; Benn Oshrin and Heather Flanagan, Internet2

Research and scholarship today is more collaborative than ever before and collaborations extend beyond a single campus. Groups of researchers and students from around the world need to come together and collaborate efficiently. Identity federations like InCommon in the United States go a long way to help make collaboration more efficient but identity federation by itself is not enough. Research faculty need a collaboration management platform (CMP) to help them create and manage collaboration spaces for their project teams and streamline access to the data, applications, and collaborative tools that power the collaborative research engine.

The University of Wisconsin-Milwaukee and the Laser Interferometer Gravitational-wave Observatory (LIGO) have deployed COmanage, a CMP focused on supporting research virtual collaborative organizations (COs). LIGO is using COmanage to manage the collaboration between itself and its sister project KAGRA in Japan. We will demonstrate how a member of the KAGRA-LIGO working group enrolls, is approved, and then gains access to LIGO web services using his or her federated identity.

9:30 - 10 am

Campus and Participant Best Practices 
Speaker: Tom Scavo, Internet2

 

Practical Experiences of IAM and Distributed Services
Speaker: Richard James, Newcastle University

The session will describe Newcastle University’s current Identity and Access Management architecture, and will share experiences and initial approaches for the first ventures into distributed services. Newcastle has a long history of using Open Source tools within IAM. The University’s main IAM components being Internet2’s Shibboleth and Grouper and Talend’s open source Data Integration Suite. The session will discuss the importance of integration between these three components and the value and benefits that they have provided the institute and its users. Specific examples such as moving library systems to the cloud and fully exploiting the Microsoft offering for STEM students and staff through schemes such as Microsoft Dreamspark. The frictionless user experience facilitated by these tools has delivered over £1.4million of value to university members.

10:00 - 10:30 am

Break and Hotel Check-Out

Break and Hotel Check-Out

10:30 - 11:00 am

Brief Touch on Advanced Topics  

Hear lightning talks on issues of interest to the community. These go beyond the basics, but help demonstrate the power of federated identity.

The Chicago Approach to Identity Assurance
Speaker: David Langenberg, University of Chicago

Identity Assurance and more specifically InCommon Silver Assurance is being talked about more and more within the IT organization. All of our campuses are at various locations on the not-well-explored path to gaining the InCommon Silver accreditation. This session will provide a brief overview of how the University of Chicago is handling the requirements from a technical perspective.

11:00 am - Noon

Closing Keynote
Tom Black,
Associate Vice Provost for Student Affairs and University Registrar
Stanford University

Identity and Student Services: What if?

As the university becomes more global, offers programs to thousands or hundreds of thousands of students that it never sees, integrates more tightly with the corporate sector, attracts a student body that's increasing electronically sophisticated, what will constitute student services?

What if we could do real time assessment? What if we could integrate the high school experience and make a mashup that a student could use to apply to college with a click? This session will present a look into the future student services and engage the audience in a discussion of the implications on electronic identity.

Closing Keynote
Tom Black,
Associate Vice Provost for Student Affairs and University Registrar
Stanford University

Identity and Student Services: What if?

As the university becomes more global, offers programs to thousands or hundreds of thousands of students that it never sees, integrates more tightly with the corporate sector, attracts a student body that's increasing electronically sophisticated, what will constitute student services?

What if we could do real time assessment? What if we could integrate the high school experience and make a mashup that a student could use to apply to college with a click? This session will present a look into the future student services and engage the audience in a discussion of the implications on electronic identity.

Noon

CAMP Ends

CAMP Ends