IAM Online – Wednesday, April 13, 2016
2 pm ET / 1 pm CT / Noon MT / 11 am PT
www.incommon.org/iamonline

Free the Attributes! Attribute Release, Scalable Consent, and User Convenience

When did you last take a look at your attribute release policies? How can you meet the requirements of data stewards and the benefits of relaxed attribute release? What is on the horizon with scalable consent and how will that help?

We’ll touch these and other questions in the next IAM Online, “Free the Attributes! Attribute Release, Scalable Consent, and User Convenience,” Wednesday, April 13, 2016, at 2 pm ET. Our speakers will discuss their journeys toward relaxed policies that allow for the release of a small set to some applications, including the Research and Scholarship category of service providers. We’ll also discuss the scalable consent project, with the aim of providing informed, revocable consent, attribute-by-attribute.

Presenters

Rob Carter, Duke University
Ken Klingenstein, Internet2
Keith Wessel, University of Illinois, Champaign-Urbana

Moderator

Tom Barton, University of Chicago

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline.

About IAM Online

IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information Security Council (HEISC).

InCommon has scheduled two Shibboleth Installation Workshops for May and June, 2016. We have front-loaded the schedule this year because of the end-of-life of Shib IdPv2, July 31, 2016.

Registration is open for these workshops:
    •    May 19-20, 2016, at the University of Chicago in Chicago

    •    June 23-24, 2016, at the Rochester Institute of Technology in Rochester, NY


For details on the training sessions and links to register, please go to www.incommon.org/shibtraining

These two-day training sessions cover both the Identity Provider and Service Provider software, as well as some integration issues. We will focus the training sessions on people who wish to learn about and eventually deploy IdPv3. Those interested in upgrading from v2.x will also find value, but we will mainly cover IdPv3 as an independent topic to ensure we deliver the clearest content possible. Here is what you can expect:

  • A two-day, directed self-paced workshop

  • Hands-on installation of the identity provider and service provider software

  • Experienced trainers providing overviews and one-on-one help 

  • Discussions on configuration and suggested practices for federation

  • Attendance is limited to 40


The workshops will offer the chance to:

  • Install a prototype Shibboleth identity or service provider in a virtual machine environment

  • Discuss how to configure and running the software in production

  • Learn about integration with other identity management components such as LDAP and selected service providers


Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff

  • Campus technology architects


For more information and a link to register, go to www.incommon.org/shibtraining.

To learn more about Shibboleth, see the Shibboleth wiki (wiki.shibboleth.net). More information on federated identity can be found at www.incommon.org.

Registries and Records: The Ties That Bind an IAM System

IAM Online – Wednesday, February 17, 2016
2 pm ET / 1 pm CT / Noon MT / 11 am PT
www.incommon.org/iamonline

What are the business and policy concerns that drive the implementation of a central registry system? How do you ensure consistent and accurate data about individuals when that information might come from multiple locations and sources? How does this impact (and integrate) with such business systems as PeopleSoft, Workday, and others? How you can treat the registry as a master data hub and canonical source for person and other entity data.

Join us for this IAM Online and learn about the experiences of two universities implementing central registry systems -- and how those systems form the backbone of their identity and access management systems. Hear about why central registries were created and required elements for new records. Learn about the successes and bumps along the way. And hear about the registry work that is just getting started as part of the TIER initiative (Trust and Identity in Education and Research).

Join us for this wide-ranging discussion and to pose your questions.

Presenters

Warren Curry, IAM Architect, University of Florida
Chuck Moore, Business Relationship Manager, Penn State
Renee Shuey, Senior Director, Identity Services, Penn State

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline.

About IAM Online

IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information Security Council (HEISC).

InCommon needs enthusiastic volunteers to bring their unique expertise to the InCommon Technical Advisory Committee (TAC), an advisory body to the InCommon Steering Committee. We invite you to nominate such people for membership on the InCommon TAC, including self nomination.

TAC works best when its members span a variety of perspectives, including (but not limited to):

  • universities and colleges of all sorts and sizes

  • research organizations, traditional and virtual

  • regional R&E network providers

  • sponsored partners

  • trust and identity solution providers
  • international partners


TAC supports InCommon’s mission "to create and support a common framework for trustworthy shared management of access to online resources." Specific duties include:

  • review and advise on InCommon's operations, technology choices, and the impact of policies on technical concerns
  • review and advise on InCommon service offerings, and make recommendations for new service development and service retirement
  • work with InCommon staff to ensure secure, robust, and reliable operation of InCommon services
  • engage with the trust and identity community to ensure that InCommon technology meets the needs of the participants
  • attend biweekly conference calls and the face-to-face meeting at the annual Internet2 Technology Exchange

The InCommon Steering Committee appoints TAC members to three-year terms. Individuals should have the necessary technical expertise, experience in the education and research community, and a track record of participation in that community.

Please send TAC member nominations to nominations@incommon.org by Wednesday, January 20, 2016. Self-nominations are welcome. Please include some information describing the strengths and experience the individual would bring to the TAC, and the constituencies they are familiar with. Please distribute this invitation to all interested parties.

See http://www.incommon.org/docs/policies/TACcharter.html for the TAC charter (revised December 2015) and TAC membership. New members would assume their membership in early February. Send questions and comments to Steven Carmody (steven_carmody AT brown.edu), InCommon TAC Chair.

Sometimes a little bit of cloud is all you need!

InCommon Affiliate Webinar
Wednesday, December 16, 2015
3 pm ET | 2 pm CT | 1 pm MT | Noon PT
http://internet2.adobeconnect.com/affiliate
(slides and audio)

How campuses are using hosted solutions to fill gaps in their identity management suite

Campuses are increasingly turning to cloud-hosted identity solutions to replace components of existing services, or as a supplement to local identity management systems. From guest access via social identity to proxy services that enable federation, Cirrus Identity SaaS solutions are filling the bill for many campuses.

In this webinar, staff from the Booth School of Business at the University of Chicago, Carnegie Mellon, and Oregon State will share use cases for incorporating new, hosted identity services with highly effective local identity tools. Specifically, you’ll learn about:

  • Hosted Identity Provider Proxy integration to provide federation with Jive Software
  • Linking campus IDMS attributes with social attributes for alumni login
  • Using APIs to trigger email invitations for students inviting parents’ social identities
  • Cirrus Gateway integration with Canvas

Designing managed solutions that integrate well with campus services requires thoughtful planning. Cirrus Identity will use part of the webinar to poll the community for input on some current product design questions. And you'll get to see how the community opines on some interesting topics. We hope you'll join us!

Presenters:

  • Dedra Chamberlin, CEO, Cirrus Identity
  • Darren Young, Systems and Security Architect, Booth School of Business at the University of Chicago
  • Helen Feder, Principal Systems Software Engineer, Carnegie Mellon University
  • Erica Lomax, Director - Identity and Access, Oregon State University

Phone Back-up

Audio will be available via Adobe Connect. There is a dial-in back-up:

734-615-7474, or 866-411-0013

PIN: 0105266#

About Cirrus Identity

Cirrus Identity is a team of experts in identity management for higher ed and research; we build cool, cloud-hosted identity management solutions for higher ed and research. Our products can help you whether you need a guest account system that leverages social identities like Google and LinkedIn (with invitation and account linking options), or a proxy service for those vendor apps that talk to only one SAML IdP endpoint, or a hosted SAML Identity Provider. Learn more about our team and our services at http://cirrusidentity.com

About the Internet2 Trust & Identity Solution Providers (formerly InCommon Affiliates)

Internet2 Trust & Identity Solution Providers, formerly known as InCommon Affiliates, are part of the Internet2 Industry Program. These providers offer software, support, integration, and consulting related to identity and access management, and other trust services. You can learn more about this program at www.incommon.org/affiliates.

InCommon would like your opinion!  We have created a survey about the InCommon Certificate Service and we are interested in your feedback.

The InCommon Certificate Service is unique in that it was designed by higher education for higher-education and, as such, strives to provide value to you – our higher-ed participants – unlike any other similar service.  It has been in operation for just over 5 years and we wanted to take this opportunity to solicit your feedback about what the service should look like in the future.

While most of the questions are about use of the Certificate Service, there are also a few questions for non-subscribers, so if you are one of those, we are interested in your feedback as well.

So, please take a few minutes and let us know what you think about the InCommon Certificate Service.  It is a brief survey and will only take a few minutes of your time.

The survey is located here: https://www.surveymonkey.com/r/InCommon-certs  and will be open until the end of the day on Sunday, December 6th.  A reminder email will also be sent on Monday, November 30.

InCommon’s Future: Interfederation, K-12, and Changing Demographics

IAM Online – Tuesday, December 8, 2015
4 pm ET / 3 pm CT / 2 pm MT / 1 pm PT
www.incommon.org/iamonline

You’ve recently heard about InCommon’s plan for international interfederation, but that is not the only change in the works for 2016. Pilots involving K-12 involvement are expected to move to production. And InCommon will explore the potential for new services and support options, given the changing demographics of InCommon participants.

Join us for this IAM Online to hear about how InCommon is changing and how that might affect you and your organization. Topics will include:

  • The changing mix of InCommon participants
  • InCommon Goes Global - how interfederation expands opportunities for participants
  • Incorporating K-12 - working with state research and education networks to broaden federation and trust opportunities
  • Plans for the future - using the data and the reports of recent working groups to plot the course for InCommon services and support

Presenters

Klara Jelinkova, InCommon Steering Chair, VP and CIO at Rice University
Ann West, Associate Vice President, Trust and Identity, Internet2

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline.

About IAM Online

IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information Security Council (HEISC).

New and Updated Federation Manager Will Support Interfederation Implementation

InCommon Operations has deployed a number of new or updated user interfaces to the Federation Manager:

1) A new user interface for IdP operators to self-assert membership in the Hide From Discovery Category

2) An updated user interface to manage Requested Attributes in SP metadata

3) Two new user interfaces for Metadata Export, one for IdPs and one for SPs

Note: InCommon Operations will begin exporting metadata at scale to eduGAIN on February 15, 2016. At that time, all IdP metadata will be exported by default. All SPs that have explicitly opted in will be exported as well. Site Administrators choose whether or not to include their metadata in the Export Aggregate via the user interfaces mentioned above. You can do that any time between now and February 15.

InCommon Webinar: Introduction to Interfederation

Monday, Nov. 16, 2015
2 pm ET | 1 pm CT | Noon MT | 11 am PT

As you may be aware, InCommon is moving toward interfederation, by joining eduGAIN. This will have an impact on all InCommon participants that make use of the federation

What is interfederation? Why is InCommon participating in eduGAIN? What are the benefits for my organization? What should I consider as I determine whether to participate? We'll answer these and other questions, and provide an overview of interfederation in the context of InCommon and your organization.

Speakers:

Tracy Futhey, Vice President for Information Technology and CIO, Duke University

Scott Koranda, Lead Architect, LIGO (Laser Interferometer Gravitational-Wave Observatory)

Ann West, Associate Vice President Trust and Identity, Internet2

Connecting

We will use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/incommonedugaininformational/

Please note that we have a capacity of 200 seats in the Adobe Connect room. The webinar will be recorded for later viewing.

Back-up Phone Bridge

If you have problems with Adobe Connect or aren’t near your computer, use our back-up phone bridge:

Dial-in:

(734) 615-7474, or

(866) 411-0013 (toll-free in US and Canada)

PIN: 0116480#

Register Now for InCommon Shibboleth Installation Workshop in Durham, North Carolina

February 4-5, 2016
MCNC - Durham, NC
www.incommon.org/shibtraining

Registration is open for the InCommon Shibboleth Installation Workshop, February 4-5, 2016, at the MCNC offices in Durham, North Carolina. This two-day training session covers both the Identity Provider and Service Provider software, as well as some integration issues. The IdP portion of the workshop is based on the new IdPv3.

Shibboleth has changed and we will focus the training sessions on people who wish to learn about and eventually deploy the new version. Those interested in upgrading from v2.x will also find value, but we will mainly cover IdPv3 as an independent topic to ensure we deliver the clearest content possible. Here is what you can expect:

  • A two-day, directed self-paced workshop

  • Hands-on installation of the identity provider and service provider software

  • Experienced trainers providing overviews and one-on-one help 

  • Discussions on configuration and suggested practices for federation

  • Attendance is limited to 40


The workshops will offer the chance to:

  • Install a prototype Shibboleth identity or service provider in a virtual machine environment

  • Discuss how to configure and running the software in production

  • Learn about integration with other identity management components such as LDAP and selected service providers


Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff

  • Campus technology architects


For more information and a link to register, go to www.incommon.org/shibtraining.

To learn more about Shibboleth, see the Shibboleth wiki (wiki.shibboleth.net). More information on federated identity can be found at www.incommon.org.

IAM Online – Wednesday, October 21, 2015

2 pm ET / 1 pm CT / Noon MT / 11 am PT
www.incommon.org/iamonline

Multifactor Authentication: Campus Deployment Case Studies

It’s a hot topic in identity management. It’s a hot topic in security. Campuses are rolling out multifactor authentication (MFA) in the wake of phishing attempts to compromise direct deposit programs and other major security concerns. This webinar will provide an update on community work on MFA interoperability and two campus case studies implementing MFA. Topics include:

  • An update on the InCommon MFA Interoperability working group, which will define requirements for an interoperability profile (https://spaces.internet2.edu/x/CY5HBQ)
  • A report from the University of Colorado, which has gone from zero to 34,000 MFA users in six months
  • Information from the University of Texas at Austin on their deployment of a major MFA program with Toopher and is now moving to Duo after the Salesforce buyout of Toopher

Learn about the reasoning and issues involved with these projects, as well as the key questions that were addressed by these large-scale MFA deployments. Find out what to consider, whether you are just interested, or if you face a deployment of a few users or thousands.

Speakers:

C.W. Belcher, University of Texas at Austin
Brad Judy, University of Colorado
Paul Caskey, Internet2/InCommon

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline.

About IAM Online

IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information Security Council (HEISC).

Shibboleth 3.x Identity Provider: Two Campus Case Studies on Implementation

Internet2 Trust & Identity Solution Provider Webinar: Unicon
(formerly known as InCommon Affiliates)
Wednesday, September 23, 2015
2 pm ET | 1 pm CT | Noon MT | 11 am PT

http://internet2.adobeconnect.com/affiliate (slides and audio)

The next InCommon Affiliate webinar, now part of the Internet2 Industry Program, will take place September 23 and feature Unicon and two campus case studies on Shibboleth IdPv3 adoption.

Many higher education institutions have adopted (or are planning on adopting) Shibboleth 3.x Identity Provider (IdP) due to the end-of-life of security patches for Shibboleth 2.x IdP in July 2016. In this webinar, Unicon’s Johnathan Johnson, senior software engineer, will present with representatives from Portland State University and The University of Chicago on each institution’s journey with implementing Shibboleth 3.x IdP.

  • Unicon collaborated with Portland State University to deploy Shibboleth 3.x IDP, utilizing both its SAMLv2 and Central Authentication Service (CAS) protocol support. Unicon also incorporated a Hazelcast backend, to provide a trouble-free shared session service that allows multi-node/High Availability IdP deployment supporting both SAMLv2 and CAS.
  • Unicon worked together with The University of Chicago to forward-port their existing Shibboleth 2.x IDP configuration to 3.x IdP, and built a Docker (container) image of IdP incorporating that configuration allowing for easy deployment of an updated image (and easy rollback if needed).


Presenters

Johnathan Johnson, Unicon, Inc.
Representatives from the University of Chicago and Portland State University

Phone Back-up

Audio will be available via Adobe Connect. There is a dial-in back-up:

734-615-7474, or 866-411-0013
PIN: 0105266#

About Unicon

Unicon, Inc. is a leading provider of IT consulting, services, and support for education technology and works with institutions and organizations to find solutions to meet business challenges. Unicon provides services and support for identity and access management (IAM) solutions including Central Authentication Service (CAS), Shibboleth, and Grouper. Unicon specializes in using open source technologies to deliver flexible and cost-effective systems in the areas of IAM, student success, mobile computing, learning management systems, portals, online video, calendaring, email, and collaboration. Learn more at www.unicon.net.

About the Internet2 Trust & Identity Solution Providers
(formerly InCommon Affiliates)

Internet2 Trust & Identity Solution Providers, formerly known as InCommon Affiliates, are part of the Internet2 Industry Program. These providers offer software, support, integration, and consulting related to identity and access management, and other trust services. You can learn more about this program at www.incommon.org/affiliates.

Register Now for InCommon Shibboleth Installation Workshop in Arlington, Texas

October 19-20, 2015
The University of Texas at Arlington
www.incommon.org/shibtraining

Registration is open for the InCommon Shibboleth Installation Workshop, October 19-20, at the University of Texas at Arlington. This two-day training session covers both the Identity Provider and Service Provider software, as well as some integration issues. The IdP portion of the workshop is based on the new IdPv3.

Shibboleth has changed and we will focus the training sessions on people who wish to learn about and eventually deploy the new version. Those interested in upgrading from v2.x will also find value, but we will mainly cover IdPv3 as an independent topic to ensure we deliver the clearest content possible. Here is what you can expect:

  • A two-day, directed self-paced workshop
  • Hands-on installation of the identity provider and service provider software
  • Experienced trainers providing overviews and one-on-one help
  • Discussions on configuration and suggested practices for federation
  • Attendance is limited to 40

The workshops will offer the chance to:

  • Install a prototype Shibboleth identity or service provider in a virtual machine environment
  • Discuss how to configure and running the software in production
  • Learn about integration with other identity management components such as LDAP and selected service providers

Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff
  • Campus technology architects

For more information and a link to register, go to www.incommon.org/shibtraining.

To learn more about Shibboleth, see the Shibboleth wiki (wiki.shibboleth.net). More information on federated identity can be found at www.incommon.org.

Staying on top of what’s happening in the trust and identity world just got easier.  There's a new, simple way to locate information on InCommon working groups, the long- and short-term collaborations where a great deal of key community work gets accomplished. You're invited to visit and bookmark a handy wiki page that serves as a hub for finding InCommon working groups and their associated reports and recommendations.

In addition, if you are a current or prospective working group leader, there are useful tips for Trust and Identity Working Groups Chairs and Flywheels. Please email mw-service@internet2.edu if you have suggestions to enhance the usability of these pages or to link in more resources. Thanks to all of the community members who carve out the time to lead or participate in collaborative working groups.

Join leading identity architects and developers from U.S. research and higher education and international and commercial identerati at Advance CAMP (ACAMP), October 4-7, 2015, in Cleveland, Ohio. The overarching goal of ACAMP is to advance the state of the art in federation, access and security, and IAM services for both enterprises and virtual organizations.

Using an unconference format, attendees will determine the agenda and then convene highly focused, collaborative sessions with substantial time for exploration, discussion and determination of some next steps on cutting-edge topics.

This year, ACAMP will be held on Monday and Tuesday (half-day) of the Internet2 Technology Exchange. ACAMP is part of a comprehensive trust and identity schedule during the Technology Exchange:

- Sunday, October 4 - REFEDS (international federation operators)

- Monday and Tuesday (half-day), Oct. 5-6 - Advance CAMP

- Tuesday (half-day) and Wednesday, Oct. 6-7 - CAMP

 

For more information and to register:

https://meetings.internet2.edu/2015-technology-exchange/

 
We hope to see you there!