Register Now for InCommon Shibboleth Installation Workshop in Cupertino

September 17-18, 2015
De Anza College - Cupertino, California
www.incommon.org/shibtraining

Registration is open for the InCommon Shibboleth Installation Workshop, September 17-18, at De Anza College in Cupertino, California. This two-day training session covers both the Identity Provider and Service Provider software, as well as some integration issues. The IdP portion of the workshop is based on the new IdPv3.

Shibboleth has changed and we will focus the training sessions on people who wish to learn about and eventually deploy the new version. Those interested in upgrading from v2.x will also find value, but we will mainly cover IdPv3 as an independent topic to ensure we deliver the clearest content possible. Here is what you can expect:

  • A two-day, directed self-paced workshop

  • Hands-on installation of the identity provider and service provider software

  • Experienced trainers providing overviews and one-on-one help
  • Discussions on configuration and suggested practices for federation

  • Attendance is limited to 40


The workshops will offer the chance to:

  • Install a prototype Shibboleth identity or service provider in a virtual machine environment

  • Discuss how to configure and running the software in production

  • Learn about integration with other identity management components such as LDAP and selected service providers


Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff

  • Campus technology architects


For more information and a link to register, go to www.incommon.org/shibtraining.

To learn more about Shibboleth, see the Shibboleth wiki (wiki.shibboleth.net). More information on federated identity can be found at www.incommon.org.

Update as of July 2015: Wiki for the MFA Interoperability Profile Working Group is here

================

Colleagues,

On behalf of the InCommon AAC, I would like to invite your participation in a new InCommon Multi-Factor Authentication (MFA) Interoperability Profile working group; the charter is below for your review.  This working group is being initiated based on substantial community interest in the topic of interoperable MFA.

If you are interested in participating, please send an email directly to me (and not the list), indicating your area of expertise and a brief summary of the reason for your interest in participating.  Please send these no later than Friday, June 26, 2015.  Please note the timeline for deliverables and ensure that you are prepared to allocate the appropriate amount of time to this effort.

Sincerely,

Jacob Farmer

Chair, Assurance Advisory Committee


 

InCommon MFA Interoperability Profile Working Group Charter

Mission

The Assurance Advisory Committee (AAC) invites the Community to participate in the InCommon Multi-Factor Authentication (MFA) Interoperability Profile Working Group.  The mission of the working group is to develop and document requirements for creating and implementing an interoperability profile to allow the community to leverage MFA provided by an InCommon Identity Provider.

 

Deliverables

1.  Assemble use cases that will motivate the deliverables of this working group

2.  Develop short list of widely deployed MFA technologies that will be in scope for the profile

3.  Define requirements for and draft MFA Interoperability Profile

4.  Develop and recommend scope and plan for adoption

5.  Present draft in session at Technology Exchange in October 2015

6.  Publish final profile by November 30, 2015

 

Principles

1.  Profile should be constrained to address the articulated need for distributed MFA.

2.  Ability to implement with current technology should be a core design constraint.

3.  Support for this capability should be exposed in the Federation Metadata.

InCommon and CLAC (the Consortium of Liberal Arts Colleges) are collaborating on an InCommon Shibboleth Installation Workshop at Trinity College in Hartford, Connecticut, on June 23-24. We have four spot available and open to anyone who wants to attend. To register, go to https://service5.internet2.edu/reg/events/shib15-062/registrations

Read on for details on the Shibboleth installation workshop, or see www.incommon.org/shibtraining.

We will focus the training sessions on people who wish to learn about and eventually deploy the new IdPv3. Those interested in upgrading from v2.x will also find value, but we will mainly cover IdPv3 as an independent topic to ensure we deliver the clearest content possible.

  • Two-day, directed self-paced workshop
  • You will install the identity provider and service provider software
  • Experienced trainers provide overviews and one-on-one help
  • Discussions on configuration and suggested practices for federation
  • Attendance is limited to 20

The workshop will offer the chance to:

  • Install a prototype Shibboleth identity or service provider in a virtual machine environment
  • Discuss how to configure and running the software in production
  • Learn about integration with other identity management components such as LDAP and selected service providers

Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff
  • Campus technology architects

Three Case Studies in Access Mangement

IAM Online – Wednesday, June 10, 2015
2 pm ET / 1 pm CT / Noon MT / 11 am PT
www.incommon.org/iamonline

The June IAM Online will feature three case studies in access management. Hear about a variety of ways that organizations implement Grouper and access management: controlling access to a video streaming service in residence halls, integrating with course management, access to a student portal, and integration with Sharepoint and development of a central authorization management system.

Speakers from Oregon State University, UCLA, and GÉANT (the pan-European research and education network) will share their thoughts and experiences. Hear about business drivers the level of effort involved for deployment and integration, and future plans for these access management deployments.

Speakers:
Erica Lomax, Oregon State University
Andrew Morgan, Oregon State University
Mandeep Saini, GÉANT
Albert Wu, University of California Los Angeles (UCLA)

Moderator: Tom Barton, University of Chicago

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline.

About IAM Online

IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information Security Council (HEISC).

 

The 2015 Technology Exchange will take place October 4-7 in Cleveland, Ohio. This meeting includes a comprehensive Trust and Identity track, with the “unconference”-style Advance CAMP (ACAMP) on Monday and Tuesday morning, then two tracks for CAMP on Tuesday afternoon and Wednesday. Lots of U.S. and International R&E organizations will participate, so it will be a great opportunity for  Identity and Access Management people of all sorts to mix, enjoy, and learn from one another.

The Call for Proposals continues to be open through May 21. See the meeting website for details and guidance.
https://meetings.internet2.edu/2015-technology-exchange/call-participation/

Last year's TechEx in Indianapolis was both popular and informative and we hope you can join us October 4-7 in Cleveland.

External Identities: Why and How with Real-World Examples

IAM Online – Wednesday, May 13, 2015
2 pm ET / 1 pm CT / Noon MT / 11 am PT
www.incommon.org/iamonline

Campuses are increasingly turning to external identities as an alternative to "guest" accounts for people who do not have institutional identities, like parents, alumni, external researchers, and continuing education students. This IAM Online will present an overview of the topic, touch on the recommendations from the InCommon External Identities Working Group, then delve into these topics:

  • key business drivers

  • campus experience from UMBC (parents) and Oregon State (trial with Canvas)

  • level of effort required for integration
  • risk assessment and determination
  • legal and privacy policy implications

  • cost-savings from eliminating local guest services


In addition, some campuses have started to look at invitations and account linking. Join us for this interesting and timely IAM Online.

Speakers:

Dedra Chamberlin, CEO, Cirrus Identity
Eric Goodman, University of California Office of the President
Andrew Morgan, Oregon State University
Erica Lomax, Oregon State University
Todd Haddaway, University of Maryland Baltimore County

Moderator: Tom Barton, University of Chicago

How to Connect

Slide sharing and audio: https://nternet2.adobeconnect.com/iam-online

Backup phone bridge for audio:
Dial-in numbers:

(734) 615-7474, or
(866) 411-0013 (toll-free US/Canada)
Access code: 0157272

The 2015 Global SummitApril 26-30, includes plenty of great content related to trust and identity. To filter the Global Summit program for security and identity sessions, use the track #4 filter to see the track "Cyber Security & Trust & Identity in Education & Research: A Community Built on Trust."   Be sure to click the tabs for Sunday, Monday, Tuesday, Wednesday, and Thursday to get the full picture. 

Below are links to a few of the sessions that may be of special interest to the security, trust and identity community.

Sunday, April 26

Monday, April 27

Tuesday, April 28

Wednesday, April 29

Thursday, April 30

Of course, in addition to track sessions and working meetings, the Global Summit features top keynotes, not to mention crucial hallway conversations and enjoyable social gatherings. 

The 2015 Global Summit Program Committee is chaired by Jack Suess, Vice President and CIO at the University of Maryland, Baltimore County, past chair of the InCommon Steering Committee and a member of the NSTIC Identity Ecosystem Steering Group (IDESG). Bruce Maas, Vice Provost for Information Technology and Chief Information Officer at the University of Wisconsin-Madison, is co-chair.


 

 

Improving Security of Identities and Authentication

IAM Online – Wednesday, April 8, 2015
2 pm ET / 1 pm CT / Noon MT / 11 am PT
www.incommon.org/iamonline


A number of U.S. organizations are working to improve the security of identities and authentication, including promoting and expanding multifactor authentication and educating individuals and institutions about staying secure online. The April IAM Online will feature speakers from three of these organizations: the National Cyber Security Alliance, the FIDO (Fast IDentity Online) Alliance, and the National Strategy for Trusted Identities in Cyberspace (part of the National Institute for Standards and Technology).

The National Cyber Security Alliance is conducting a multi-city tour to educate consumers and businesses about multifactor authentication. By enlisting the support of local community leaders, government officials, businesses and universities, local residents are learning first-hand how to better protect themselves online by adding an extra layer of security, which confirms the identity of the user.

The FIDO Alliance was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance develops standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords.

We will also hear highlights from the National Strategy for Trusted Identities in Cyberspace, a White House initiative to work collaboratively with the private sector, advocacy groups, public sector agencies, and other organizations to improve the privacy, security, and convenience of online transactions. NSTIC has funded a number of pilot projects, including the Internet2 Scalable Privacy effort.

Speakers

Kristin Judge, Program Lead, National Cyber Security Alliance
Jeff Shultz, National Strategy for Trusted Identities in Cyberspace (NSTIC)
Brett McDowell, Executive Director, The FIDO Alliance
Stephan Somogyi, Google

Moderator

Theresa Semmens, Chief Information Security Officer, North Dakota State University

Connecting

We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline.

About IAM Online

IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information Security Council (HEISC).

The March issue of the InCommon Update is now available.

Included this month:

  • April IAM Online Features National Cyber Security Alliance
  • Dates Announced for InCommon Shibboleth Installation Workshops
  • Per-Entity Metadata Pilot to Continue
  • TIER, IAM Online Webinar Archives Available
  • Global Summit April 26-30
  • Positions Open at InCommon
  • Registration Open for 2015 Security Professionals Conference
  • Internet2 Names Sr. VP and Chief Innovation Officer
  • New Certificate Service Subscribers
  • New InCommon Participants

 

InCommon Shibboleth Installation Workshop
May 14-15, 2015
Virginia Science and Technology Campus, George Washington University
Ashburn, Virginia
www.incommon.org/shibtraining

Need training on Shibboleth installation? Interested in the new version 3 of the Shibboleth Identity Provider? Then we invite you to the next InCommon Shibboleth Installation Workshop, May 14-15, 2015, at George Washington University’s Science and Technology Campus in Ashburn, Virginia (near Dulles airport).

Shibboleth has changed and we will focus the training sessions on people who wish to learn about and eventually deploy the new version. Those interested in upgrading from v2.x will also find value, but we will mainly cover IdPv3 as an independent topic to ensure we deliver the clearest content possible.

Please be aware that this will be our first training session focused on IdPv3. While the trainers all have extensive experience with Shibboleth, and all have studied and tested IdPv3, they may not have ready answers for all of the intricacies of the new version. This is your chance to stump the trainers in public.

During this two-day, directed self-paced workshop, you will install the identity provider and service provider software. Our experienced trainers will provide overviews and one-on-one help during the session. You will also join in a discussion about configuration and suggested practices for federation. Since IdPv3 greatly simplifies the installation process, particularly for Windows, we anticipate having plenty of time to explore configuration issues and also cover baseline practices for participating in the federation. Attendance is limited to 40 registrants.

The workshops will offer the chance to:

  • Install a prototype Shibboleth identity or service provider in a virtual machine environment
  • Discuss how to configure and running the software in production
  • Learn about integration with other identity management components such as LDAP and selected service providers

Knowledge of identity management concepts and related implementation experience is strongly recommended. Organizations are encouraged to send one or two attendees who best represent the following functions:

  • System install, integration, and ongoing support staff
  • Campus technology architects

For more information and a link to register, go to www.incommon.org/shibtraining.

To learn more about Shibboleth, see the Shibboleth wiki . More information on federated identity can be found at www.incommon.org.

This week marks the 10th anniversary of the adoption of SAML V2.0 as a standard for exchanging authentication and authorization data between parties. This is a significant milestone for the InCommon community and all of those who depend on federated identity and access management.

 

SAML is the Security Assertion Markup Language and is the basis for the Shibboleth single sign-on and federating software. Shibboleth grew out of the Internet2 Middleware Initiative and is now under the auspices of the international Shibboleth Consortium. (In fact, a new version of Shibboleth has just been released and is the topic for a webinar archived on March 11, 2015.) The SAML standard is also what makes the InCommon Federation work, as well as many of the other Research and Education federations around the world.

The SAML specification defines three roles: the user, the identity provider (IdP), and the service provider (SP). In a typical scenario, the user requests access to a service. The service provider requests an assertion from the identity provider and, based on that assertion, makes a decision about whether to provide access to the user.

SAML dates from 2001 and the current 2.0 version was adopted as a standard in 2005. The OASIS Security Services Technical Committee met in January 2001 to begin developing an XML framework for exchanging authentication and authorization information.

The InCommon Federation was formed in 2004, the year before the SAML V2.0 standard was ratified. The standard allowed the InCommon community to flourish, enabling the exchange of access information among millions of individuals in higher education and beyond.

Two community members associated with Internet2 and InCommon played major roles in the success of SAML V2.0 – Scott Cantor of The Ohio State University, one of the key developers of Shibboleth and long-time member of the InCommon Technical Advisory Committee, and the late R.L. “Bob” Morgan of the University of Washington and long-time chair of the InCommon Technical Advisory Committee.

As you enjoy the benefits of single sign-on during your day, remember to wish a happy birthday and thank-you to SAML V2.0 for making identity federation possible.

 

IAM Online – Wednesday, March 11, 2015

2 pm ET / 1 pm CT / Noon MT / 11 am PT
www.incommon.org/iamonline

Features and Functionality of Version 3, Shibboleth Identity Provider

Have you read about the recently released version 3 of the Shibboleth Identity Provider software? Are you curious about the improvements and changes? Join the March 11, 2015, IAM Online when members of the Shibboleth development team will discuss the new features and functionality of the new version of the Shibboleth Identity Provider. Scott Cantor is a long-time lead developer for Shibboleth and will talk about such features as user notification and support for CAS. In addition, the InCommon Technical Advisory Committee will provide an overview of discussions about baseline practices and deploying Shib 3.

Join us on Wednesday, March 11, at 2 pm ET and bring your questions!

Speakers:
Members of the Shibboleth Development Team

Moderator:
Tom Barton, University of Chicago

Connecting
We use Adobe Connect for slide sharing and audio: http://internet2.adobeconnect.com/iam-online. For more details, including back-up phone bridge information, see www.incommon.org/iamonline

About IAM Online
IAM Online is a monthly online education series brought to you by Internet2’s InCommon community and the EDUCAUSE Higher Education Information and Security Council.

InCommon has three positions posted. Two of these are newly created to help move the federation forward:
  1. Director of Technology and Strategy (http://goo.gl/yuDRRs)
  2. Program Manager, Community Trust and Practices (responsible for Assurance and Certificate programs) (http://goo.gl/jNY3eO)
  3. And a position in the Ann Arbor office to help with business operations and the registration authority (http://goo.gl/1VHzv2)

New major release of free open source federated identity solution adds user consent capability and support for Central Authentication Service protocol

BRISTOL, England, Feb. 20, 2015—The research and education (R&E) community is set to benefit from an upgrade to a free open source software system that will help them better deliver access and identity management services.

The Shibboleth Consortium—a collaborative group of international R&E organizations—has released version 3 of the Shibboleth Identity Provider, the latest version of its free open source software that enables secure web single sign-on. Institutions are able to use the software to enable researchers to safely access library resources, databases and collaboration tools using only one login, doing away with the need to set up new accounts as they move between locations.

Read the entire release.

The February issue of the InCommon Update is now available.

Topics include:

  1. February IAM Online: Working Groups Report - Making Federation Easier
  2. Registration Open for Internet2 Global Summit
  3. InCommon Adding MD-RPI Element to Metadata
  4. InCommon Staff Leadership Transition
  5. GENI, OGF Meeting Coming in March
  6. New Certificate Subscriber
  7. New InCommon Participants