InC-Collaborate Blog

Registration Now Open for Two InCommon Shibboleth Installation Workshops

July 24-25, 2014 - Indianapolis, Indiana
September 29-30, 2014 - Newark, New Jersey
www.incommon.org/shibtraining

Need training on Shibboleth installation? Registration is now open for the next two InCommon Shibboleth Installation Workshops. Each workshop spends one day installing the identity provider software and one day on the service provider software.

The July 24-25 sessions are at Indiana University-Purdue University Indianapolis* and are co-sponsored by Indiana University. Please note - if you intend to register for Indy, the hotel room block closes on May 31.

The September 29-30 workshop is at the New Jersey Institute of Technology in Newark, New Jersey.

These directed self-paced workshops allow attendees to move through the material at their own speed, while having experienced trainers provide overviews and one-on-one help with the process. The workshops provide technical installation and configuration experience with Shibboleth version 2.x. Attendance is limited to 40 registrants each day.

The workshops will offer the chance to:

  • Install either a prototype Shibboleth identity or service provider in a virtual machine environment.
  • Hear tips for configuring and running the software in production.
  • Learn about integration with LDAP directories and selected packages.

Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff
  • Campus technology architects

For more information and a link to register, go to www.incommon.org/shibtraining.

To learn more about Shibboleth, see the Shibboleth wiki (wiki.shibboleth.net). More information on federated identity can be found at www.incommon.org.

InCommon Affiliate Webinar Series: Cirrus Identity

Wednesday, April 23, 2014
2 pm ET | 1 pm CT | Noon MT | 11 am PT

http://internet2.adobeconnect.com/affiliate (slides and audio)

Are you looking for ways to make it easier to enable access for external users like parents, research collaborators, incoming students, and alumni? Are you interested in exploring the use of external identities, such as those provided by Google, Facebook, Twitter, LinkedIn, and WindowsLive? The Cirrus Identity Gateway Service, now in production, may be your solution. The authentication gateway enables access with external identities and includes the Cirrus Console for easy integration of your service providers with the gateway.

Join us for this InCommon Affiliate webinar to learn more about the Cirrus Gateway Service and to hear about use cases at early adopter campuses Brown University and Penn State.

Presenters:
Dedra Chamberlin, CEO, Cirrus Identity
Lucas Rockwell, CTO, Cirrus Identity

Phone Back-up

Audio will be available via Adobe Connect. There is a dial-in back-up:
734-615-7474, or 866-411-0013
PIN: 0105266#

About Cirrus Identity

Cirrus Identity offers cloud-hosted, user-friendly identity solutions that enable campuses to expand access and enhance collaboration.Their initial product, the Cirrus Gateway, enables campuses to quickly and easily grant access to parents, alumni, incoming students, research collaborators and more using social identities such as Google, Facebook, Twitter, and LinkedIn. Cirrus Gateway services are offered on a subscription basis for an entire campus (enterprise) or an individual Service Provider (business). For more information, please visit http://cirrusidentity.com.

About the InCommon Affiliate Webinar Series

InCommon Affiliates offer software, support, integration, and consulting related to identity and access management, and other trust services. This webinar series provides an opportunity for affiliates to share ideas and solutions with the community. You can learn more about the affiliates at www.incommon.org/affiliates.

Internet2, U.S. Research and Education Makes First Step Toward Global Interfederation

Federated trust expands internationally as InCommon signs eduGAIN Declaration

Internet2’s Trust and Identity and InCommon Steering Committee has voted to join the international eduGAIN service, which interconnects identity federations worldwide. The group agreed to the eduGAIN declaration, the first formal step toward interconnecting Internet2’s InCommon - the U.S. research and education identity federation - with its peers in 30 other federations worldwide. The vote took place last week at the Internet2 Global Summit in Denver.

The eduGAIN service, created and operated by the pan-European GÉANT network, enables the trustworthy exchange of identity and access information among identity federations worldwide.

“Thanks to significant work by InCommon community members and working groups, we are making the first step toward worldwide interfederation,” said Klara Jelinkova, committee chair and senior associate vice president and chief information technology officer at the University of Chicago. “We still have much work to do on the technical details, but this signals our commitment to the trusted exchange of identity information with our partners around the world.”

Through eduGAIN, universities and their researchers and educators can access a greater range of services, delivered by multiple federations in a collaborative environment. Service providers for research, scholarship, and administration will reach international partners in other federations who will seamlessly benefit from the wider range of services.

“We expect eduGAIN will provide significant benefits to InCommon participants,” said Shel Waggener, senior vice president at Internet2. “Identity providers will be able to make many more services available, and our sponsored partners will greatly expand their scope. This is a big win for all involved.”

About GÉANT

GÉANT is the pan-European research and education network that interconnects Europe’s National Research and Education Networks (NRENs). Together we connect over 50 million users at 10,000 institutions across Europe, supporting research in areas such as energy, the environment, space and medicine. eduGAIN is a key service developed within the GÉANT program, which enables the trustworthy exchange of information related to authentication, authorization and identity between member federations. See www.geant.net and www.edugain.org.

About Internet2

Internet2® is a member-owned advanced technology community founded by the nation's leading higher education institutions in 1996. Internet2 provides a collaborative environment for U.S. research and education organizations to solve common technology challenges, and to develop innovative solutions in support of their educational, research, and community service missions.
Internet2 also operates the nation’s largest and fastest, coast-to-coast research and education network, in which the Network Operations Center is powered by Indiana University. Internet2 serves more than 93,000 community anchor institutions, 250 U.S. universities, 70 government agencies, 38 regional and state education networks, 80 leading corporations working with our community and more than 65 national research and education networking partners representing more than 100 countries.
Internet2 offices are located in Ann Arbor, Mich.; Denver, Colo.; Emeryville, Calif.; Washington, D.C; and West Hartford, Conn. For more information, visit www.internet2.edu or follow @Internet2 on Twitter.

About Internet2’s InCommon

InCommon®, operated by Internet2®, serves the U.S. education and research communities, supporting a common framework of trust services, including the U.S. identity management trust federation for research and education, a community-driven Certificate Service, an Assurance Program providing higher levels of trust, and a multifactor authentication program. InCommon has more than 600 participants, including higher education institutions and research organizations, and their sponsored partners.

Contact: Dean Woodbeck
woodbeck@internet2.edu
(906) 523-9620

April 2014 InCommon Newsletter

The latest issue of the InCommon Update newsletter has been published. Items include:

  1. InCommon, Middleware sessions at the Internet2 Global Summit
  2. IAM Online April 30: Multi-Context Broker and Multifactor Authentication
  3. Cirrus Identity Affiliate Webinar April 23
  4. Cirrus Identity Joins Affiliate Program
  5. Shibboleth Installation Training Scheduled in July, September
  6. New Members and Expanded Role for InCommon Steering
  7. Federation Deploys New Metadata Aggregates
  8. 2013 InCommon Accomplishments Published
  9. InCommon Welcomes Harvey Mudd as 600th Participant
  10. New Certificate Service Subscribers
  11. New InCommon Participants
  12. Featured Affiliates: Aegis Identity, Fischer International, Unicon
  13. Thumbnails of New Sponsored Partners

InCommon Publishes 2013 Accomplishments

InCommon has published a list of accomplishments for the calendar year 2013. The InCommon leadership thanks the community for their work and their commitment, which made all of these achievements possible.

Multi-Context Broker Eases the Integration of Multifactor Authentication

Is your campus considering the implementation of multifactor authentication to bolster security beyond passwords? Are you considering implementing multiple local or InCommon Assurance profiles? If so, and you use Shibboleth single sign-on software, your job just got easier.

The Internet2 community has released an extension to the Shibboleth software, the Multi-Context Broker (MCB) that significantly eases the integration of multifactor authentication technologies and the management of InCommon Assurance Profiles.

With the MCB, organizations can easily support single sign-on for multiple authentication methods. No custom code is needed. Once configured, MCB automatically selects appropriate authentication methods, based on service provider requests, user certifications, user choice, and hierarchies of assurance profiles like InCommon Bronze and Silver. The MCB currently supports username/password, X.509 client certificates, and Duo Security as authentication methods, and more methods are in the works.

Internet2 funded the MCB development through InCommon and the Scalable Privacy Project, which is supported by a grant from the National Strategy for Trusted Identity in Cyberspace (NSTIC). The University of Chicago, the University of Illinois, and the University of Toronto provided testing for the MCB.

The Multi-Context Broker plug-in and detailed documentation for installation and configuration are available at the Shibboleth Project wiki, and source files are available at GitHub. For details, see the MCB wiki page. This page also includes a complete description of the MCB and sample configurations for support of Duo Security, InCommon Silver, and a SafeNet USB-format token.

Internet2 Announces Leadership for Trust and Identity in Education and Research Initiative

New members join InCommon Steering, which will expand its role

Emeryville, Calif. – February 7, 2014 – Internet2 today announced the appointment of several leaders in higher education information technology to the InCommon Steering Committee, which moving forward will serve as the core of the newly expanded Trust and Identity in Education and Research program advisory group. Additionally new members have been appointed to serve on the technical InCommon Assurance Advisory Committee (AAC). In addition to the new members, both committees have new leadership.

The Trust and Identity in Education and Research program advisory group builds on the long-standing work of the InCommon Steering Committee. The expanded group will continue to oversee the business and policy affairs of InCommon trust services, the national U.S. research and education federation, as well as provide guidance for all of Internet2’s broad investments in identity and trust initiatives.

“Internet2 will rely on community leadership from the Trust and Identity in Education and Research program advisory group to provide vision and direction for all of our trust and identity initiatives and programs,” said Shel Waggener, Senior Vice President at Internet2. “The impact of the growing scope of these services is substantial and I’m very appreciative of this group’s commitment, and particularly for the leadership provided over the last three years of the InCommon Steering Committee by University of Maryland Baltimore County CIO Jack Suess.”

Klara Jelinkova, Senior Associate Vice President and Chief Information Technology Officer at the University of Chicago, is the new chair. Appointed to three-year terms are:

  • Dennis Cromwell, Associate Vice President for Enterprise Infrastructure, Indiana University
  • Susan Kelley, Chief Technology Officer, Yale University
  • David Vernon, Associate Chief Information Officer and Director of Information Technology Services, Cornell University
  • Melissa Woo, Vice Provost for Information Services and Chief Information Officer, University of Oregon
  • Bill Yock, Director of Enterprise Information Services, University of Washington
  • Steve Zoppi, Associate Vice President Systems Integration and Architecture, Internet2

Continuing participants include:

  • Klara Jelinkova, Senior Associate Vice President and Chief Information Technology Officer, University of Chicago,
  • Jack Suess, Vice President for Information Technology, University of Maryland Baltimore County
  • Joel Cooper, Chief Information Technology Officer, Swarthmore College
  • Mark Crase, Interim Assistant Vice Chancellor and Chief Information Officer, California State University System
  • Michael Gettes, Assistant Director - Identity Services, Carnegie Mellon University,
  • Chris Holmes, Associate General Counsel, Baylor University,
  • John O'Keefe, Vice President and Chief Information Officer, Lafayette College.

“I’m pleased to welcome such talented and dedicated colleagues to the expanded Trust and Identity group, building on the work of InCommon Steering,” Jelinkova said. “I would also like to thank Ardoth Hassler from Georgetown, Craig Stewart from Indiana, and George Strawn from the federal government for their service the past three years. We will miss their leadership and depth of knowledge.”

Taking the helm of the InCommon Assurance Advisory Committee is Steve Devoti (University of Wisconsin-Madison). He succeeds Mary Dunker (Virginia Tech), the founding chair of the AAC, which guides InCommon’s Assurance Program. New AAC members include Warren Anderson (LIGO), David Crotts (Virginia Tech), and Chris Spadanuda (University of Wisconsin-Milwaukee), with Jacob Farmer (Indiana University) reappointed. Continuing on the AAC are Doug Falk (National Student Clearinghouse), Trisha Craig (Duke University), Chris Holmes (Baylor University), and Debbie Bucci (federal government).

“Over the past two years, the AAC has helped launch our identity assurance program,” Jelinkova said. “Mary Dunker played a huge role in its success, including leading Virginia Tech to become the first university certified at the Silver level. We cannot thank her enough. I would also like to thank Scott Koranda (LIGO) and Steve Kurncz (Michigan State University), who are also departing, but played key roles in the formation of the assurance program.”

The Assurance Advisory Committee provides oversight of the InCommon Identity Assurance Program, reviews applications for certification and advises the Trust and Identity in Education and Research program advisory group.

For more information about the Trust and Identity in Education and Research program advisory group and the Assurance Advisory Committee, see http://www.internet2.edu/products-services/trust-identity-middleware/

About Internet2®
Internet2® is a member-owned advanced technology community founded by the nation's leading higher education institutions in 1996. Internet2 provides a collaborative environment for U.S. research and education organizations to solve technology challenges, and to develop innovative solutions in support of their educational, research, and community service missions.

Internet2® also operates the nation’s largest and fastest, coast-to-coast research and education network, and serves more than 90,000 community anchor institutions, including more than 245 U.S. universities, 70 government agencies, 38 regional and state education networks, 60 leading corporations working with our community and more than 100 national research and education networking partners representing more than 50 countries. Internet2 offices are located in Ann Arbor, Mich.; Emeryville, Calif.; Washington, D.C; and West Hartford, CT. For more information, visit www.internet2.edu or follow @Internet2 on Twitter.

###

Harvey Mudd College Becomes 600th Participant In Internet2’s InCommon Community

Cloud, Certificates, Trust and Identity All Factors in Decision

Emeryville, CA---Feb. 3, 2014 – Internet2 is proud to announce its 600th InCommon participant, Harvey Mudd College located in Claremont, California. InCommon, the trust services provider for U.S. education and research, now includes 411 higher education institutions, 30 government and non-profit research centers and agencies, and 159 corporate and non-profit partners.

“Harvey Mudd College is delighted to become the 600th participant of InCommon,” said Joseph Vaughan, chief information officer and vice-president for computing and information services at the college. “Through the Claremont Consortium we have long been members of Internet2 and have wanted to participate in the benefits of InCommon for some time. Internet2’s InCommon leaders are doing so much in the areas of networking and cloud computing that are or will be beneficial to a small college like Harvey Mudd. We look forward to making use of the InCommon Certificate Service, for instance, as well as the InCommon Federation.”

More and more, the research and education community is turning to outsourced or cloud services, from learning management systems to support for the vast array of business functions. Through the federation, InCommon provides secure and privacy-preserving institution-based single sign-on convenience for 7.5 million individuals at more than 330 research and higher education organizations.

“This year marks the 10th anniversary – and the continued significant growth – of Internet2’s InCommon, the community-built and community-led approach to access and identity management,” said Shel Waggener, senior vice president of Internet2. “I invite all of the research and education community, and the commercial partners who serve them, to utilize InCommon and enjoy this simpler, scalable approach to collaboration and partnerships.”

Internet2 operates:

  • The InCommon Federation, an identity and access management federation, currently with 434 organizations participating.
  • The InCommon Certificate Service, offering unlimited certificates for all domains owned by a college or university, currently with 274 subscribers
  • The InCommon Assurance Program, providing U.S. government-approved trust in identities for access to higher-value services.
  • The InCommon Multifactor Program, offering multifactor authentication services such as Duo Security phone-based systems and SafeNet smartcards and USB format PKI hard tokens.

About Internet2’s InCommon
InCommon®, operated by Internet2®, serves the US education and research communities, supporting a common framework of trust services, including the US identity management trust federation for research and education, a community-driven Certificate Service, an Assurance Program providing higher levels of trust, and a multifactor authentication program. InCommon has more than 600 participants, including higher education institutions and research organizations, and their sponsored partners. For more information on InCommon and a full list of participants, see www.incommon.org.

About Internet2®

Internet2® is a member-owned advanced technology community founded by the nation's leading higher education institutions in 1996. Internet2 provides a collaborative environment for U.S. research and education organizations to solve technology challenges, and to develop innovative solutions in support of their educational, research, and community service missions.

Internet2® also operates the nation’s largest and fastest, coast-to-coast research and education network, and serves more than 90,000 community anchor institutions, including more than 245 U.S. universities, 70 government agencies, 38 regional and state education networks, 60 leading corporations working with our community and more than 100 national research and education networking partners representing more than 50 countries. Internet2 offices are located in Ann Arbor, Mich.; Emeryville, Calif.; Washington, D.C; and West Hartford, CT. For more information, visit www.internet2.edu or follow @Internet2 on Twitter.

Contact: Dean Woodbeck
woodbeck@internet2.edu
(906) 523-9620

InCommon Shibboleth Installation Workshop

March 24-25, 2014
MCNC
Durham, North Carolina
www.incommon.org/shibtraining

Need training on Shibboleth installation? Consider attending the latest InCommon Shibboleth Installation Workshop in Durham, North Carolina, sponsored by InCommon, Internet2, and MCNC. These workshops tend to fill up quickly, so register today.

Special note to North Carolina institutions: Participants from any NC educational institutions and/or any NC-based NCREN/MCNC customers are eligible for a registration fee discount. To take advantage of this, you need to obtain a registration code from Steve Thorpe at MCNC (thorpe@mailbox.mcnc.org). The discount is available through February 24, 2014.

We’ll spend one day (March 24) installing the identity provider software, and the second day (March 25) installing the service provider software. These directed self-paced workshops allow attendees to move through the material at their own speed, while having experienced trainers provide overviews and one-on-one help with the process.

Attendance is limited to 40 registrants each day. Registration closes March 10, 2014.

The workshops provide technical installation and configuration experience with Shibboleth version 2.x using a self-paced set of instructions. The workshops will offer the chance to:

  • Install either a prototype Shibboleth identity or service provider in a virtual machine environment.
  • Hear tips for configuring and running the software in production.
  • Learn about integration with LDAP directories and selected packages.

Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff
  • Campus technology architects

For more information and a link to register, go to www.incommon.org/shibtraining.

InCommon will hold Shibboleth training sessions later this year in Indianapolis, Indiana; San Jose, California; and one additional location.

To learn more about Shibboleth, see the Shibboleth wiki (wiki.shibboleth.net). More information on federated identity can be found at www.incommon.org.

December InCommon Newsletter

Here are this months topics; see the full newsletter for details.

  1. Holiday Hours - Limited Metadata Signing
  2. IAM Online Fri., Dec. 13 - "Trust and Identity: Beyond the Federation"
  3. U of Nebraska Medical Center First to Self-Attest Bronze Certification
  4. InCommon Affiliate Webinar Dec. 18: Aegis Identity and the P-20 Impact of IAM
  5. Federation Deploying New Metadata Aggregates
  6. Research and Scholarship at 63 IdPs
  7. New Certificate Service Subscribers
  8. New InCommon Participants

University of Nebraska Medical Center First to Self-Attest for Bronze Certification

The University of Nebraska Medical Center (UNMC) has become the second higher-education organization to become certified for the Bronze Identity Assurance Profile under the InCommon Assurance Program.

UNMC is also the first to use the representation of conformance method for qualifying for Bronze certification. Using this simplified approach for Bronze requires no audit; the identity provider attests to compliance by signing the assurance addendum to the InCommon participation agreement. You can see UNMC’s implementation example on the wiki (go to https://spaces.internet2.edu/x/gJmKAQ and look for “Bronze” under “implementation examples”).

“Since we were already aligned with HIPAA requirements, there were only a few things left that we had to do to qualify for Bronze,” said Sharon Welna, chief information security officer for the University of Nebraska Medical Center.

InCommon developed the assurance program as part of its mission to provide secure and privacy-preserving trust services for its participants. Enabling higher-value, higher-risk services requires increased trust by the organizations that run the identity and cloud services.

InCommon currently has two assurance profiles — Bronze and Silver. Bronze, comparable to the National Institute of Standards and Technology (NIST) Assurance 1 level, has credential security associated with basic Internet interactions. Silver, comparable to NIST’s level of Assurance 2, requires proof of identity and has security appropriate for higher-risk transactions.

Also in recent months, InCommon has made available an option (called alternative means) for achieving Silver certification that uses Safenet tokens and multifactor authentication. The assurance program allows for such approved alternative means for satisfying the criteria that an identity provider must meet to achieve certification. More information is available at https://www.incommon.org/assurance/alternativemeans.html

More information about the assurance program is at assurance.incommon.org.

Internet2 2013 Holiday Closing; Metadata Signing Info

The Internet2 offices will close on December 24, 2013, and reopen on January 2, 2014, so our staff can spend time with family and friends during the holidays. InCommon will only sign metadata *once* during this holiday break – on Monday, December 30, 2013 (at approximately 2:30 pm ET).

While our normal business services will be deferred until after the first of the year, critical federation services will continue to operate around the clock, including the Discovery Service, the Error Handling Service, the Gateway Service, and the Metadata Service. Visit our wiki for more information about these federation services.

All of us at InCommon hope that your holidays are warm and joyous and include spending time with family and friends. We are grateful that you are part of the InCommon community, and appreciate all of your contributions to making this a most successful endeavor. We look forward to working with you in 2014.

Happy Holidays from all the staff at InCommon/Internet2.

P.S. Here is a list of other holidays throughout the year when we do not sign metadata.

IAM Online - December 13

Trust and Identity: Beyond the Federation

Friday, December 13, 2013
3 pm ET | 2 pm CT | 1 pm MT | Noon PT
www.incommon.org/iamonline

Think InCommon is a federation? Think again. Come join us to learn more about InCommon's expanding role in Trust and Identity for higher education. After conducting a comprehensive review of the identity and access control landscape, Internet2 and InCommon are looking to ensure that all of the various components – tools, software, practices, infrastructure and standards – are consistent, community-focused, and well coordinated.

The InCommon Steering Committee will take a leading and expanded role in Trust and Identity, directing and advising the following areas: services, infrastructure, software, and integration. Join the December IAM Online (December 13, 2013) for a wide-ranging discussion of Trust and Identity and its impact on the research and education community.

Presenter: Jack Suess, UMBC, Chair of the InCommon Steering Committee

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online For more details, including back-up phone bridge information, see www.incommon.org/iamonline

About IAM Online

IAM Online is a monthly online education series including essentials of federated identity management, hot topics from the EDUCAUSE Identity and Access Management Working Group, and emerging topics in IAM. IAM Online is brought to you by Internet2¹s InCommon community and the EDUCAUSE Identity and Access Management Working Group.

InCommon Affiliate Webinar Series: Aegis Identity

“The Impact of Identity and Access Management with Federation on P-20 Individualized Learning and Cloud Resources”

Wednesday, December 18, 2013
2:00 pm ET | 1:00 pm CT | 12:00 pm MT | 11:00 am PT
http://internet2.adobeconnect.com/affiliate

Join us for the next InCommon Affiliate Webinar, “The Impact of Identity and Access Management with Federation on P-20 Individualized Learning and Cloud Resources,” presented by Aegis Identity Software, Inc., San Diego State University, and the IlliniCloud.

The speakers will discuss innovating the components required in architecting a cohesive IAM solution with integrated federation technology to allow for secure online authentication and authorization to cloud and on-premise resources to promote individualized learning. We will discuss the integration of business processes, constituents' needs and identity systems for the next generation of education technology.

Presenters:

Ames Fowler, Solution Engineering Manager, Aegis Identity Software
Jim Faut, Director of Software Development, Aegis Identity Software
Edgar Hodge, Director, University Computer Operations, San Diego State University
Marcus Jeffers, Identity Management Analyst, San Diego State University
Jason Radford, Systems Administrator, District 87, Bloomington, Illinois, IlliniCloud

About Aegis Identity Software

Aegis Identity Software provides contemporary identity management solutions that align with open source identity management technologies, deploying IdM solutions quickly and without incurring a large professional service expense to the university. Designed specifically for higher education, TridentHE, provides an identity management platform to automate provisioning/de-provisioning, identity synchronization, password management and user self-service.

About the InCommon Affiliate Webinar Series

InCommon Affiliates offer software, support, integration, and consulting related to identity and access management, and other trust services. This webinar series provides an opportunity for affiliates to share ideas and solutions with the community. You can learn more about the affiliates at www.incommon.org/affiliates.

Connecting

We use Adobe Connect for slide sharing and audio:
http://internet2.adobeconnect.com/affiliate

Back-up phone bridge for audio:
+1-734-615-7474 (please use if you do not pay for Long Distance)
+1-866-411-0013 (toll-free US/Canada Only)
Access code: 0105266#

If you have never attended a Adobe Connect meeting before, you can test your connection at http://internet2.acrobat.com/common/help/en/support/meeting_test.htm

On December 18th, InCommon Operations will deploy three new metadata aggregates on a new vhost (md.incommon.org). All SAML deployments will be asked to migrate to one of the new metadata aggregates as soon as possible but no later than March 29, 2014. In the future, all new metadata services will be deployed on md.incommon.org. Legacy vhost wayf.incommonfederation.org will be phased out.

An important driver for switching to a new metadata server is the desire to migrate to SHA-2 throughout the InCommon Federation. The end goal is for all metadata processes to be able to verify an XML signature that uses a SHA-2 digest algorithm by June 30, 2014. For details about any aspect of this effort, see the Phase 1 Implementation Plan of the Metadata Distribution Working Group.

Each SAML deployment in the Federation will choose exactly one of the new metadata aggregates. If your metadata process is not SHA-2 compatible, you will migrate to the fallback metadata aggregate. Otherwise you will migrate to the production metadata aggregate or the preview metadata aggregate, depending on your deployment. You can find more information about metadata aggregates on the wiki.

To find out more, subscribe to our new mailing list and/or check out our FAQ.

Mailing list: metadata-support@incommon.org
FAQ: https://spaces.internet2.edu/x/yoCkAg

To subscribe to the mailing list, send email to sympa@incommon.org with this in the subject: subscribe metadata-support