Home | About InCommon | Join InCommon

IAM Online

Brought to you by InCommon in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group.

Policy and Privacy Considerations for Identity and Access Management in a Federated World Wednesday, February 8, 2012 3 pm EST / 2 pm CST / 1 pm MST / Noon PST The institutional processes for supporting campus identity management initiatives are fraught with policy challenges, including privacy considerations. The legal and policy concerns intensify under a model of federated identity management where the Personally Identifiable Information collected and managed by a campus is shared as "attributes" with service providers outside the campus. And new concerns arise as US campuses extend their collaborations and resources internationally, and need to be responsive to these international partners. This webinar will discuss the privacy benefits of federations, explore the emerging policy questions, and identity international efforts to find workable solutions. Speakers Ken Klingenstein, Director, Middleware and Security, Internet2 Steven Carmody, IT Architect, Brown University Moderator Rodney Petersen, Managing Director, EDUCAUSE Washington Office http://internet2.adobeconnect.com/iam-online Back-up phone bridge for audio: Dial-in numbers: (734) 615-7474, or (866) 411-0013 (toll-free US/Canada) Access code: 0157272

Subscribe to the IAM Online email list and receive information about future IAM Online sessions.

IAM Online is a monthly series delivering interactive education on Identity and Access Management (IAM). IAM Online includes three types of presentations/discussions:

• Federated Identity Management Essentials
• Advanced Issues in Identity Access and Management
• Hot Topics and Current Issues in Identity and Access Management

Sessions last one hour.

To Participate

We use Adobe Connect for slide sharing and to post questions via the chat function. Adobe Connect: http://internet2.acrobat.com/iam-online

http://internet2.adobeconnect.com/iam-online

Back-up phone bridge for audio:
Dial-in numbers:
(734) 615-7474, or
(866) 411-0013 (toll-free US/Canada)
Access code: 0157272

---

IAM Rewind (Archived Sessions)

The Research & Scholarship Category of Service Providers (recorded Jan. 19, 2012)

Archived Webinar [Adobe Connect]
Slide deck from Webinar [PDF]
R&S Program Details [links to wiki]

The Research & Scholarship category allows identity providers to release a minimal set of attributes to all service providers in this new category. Service providers eligible for the R&S category include those that support research and scholarly activities such as virtual organizations and campus-based collaboration services. The category will simplify and streamline user access at the SP while reducing administrative overhead at the IdP.

Presenters:
R.L. "Bob" Morgan, host/moderator, InCommon Technical Advisory Committee, University of Washington
Steven Carmody, InCommon Technical Advisory Committee, Brown University
Jim Basney, InCommon Technical Advisory Commitee, CILogon

Using Federated Identity for NSF- and NIH-Funded Cyberinfrastructure (recorded Jan. 11, 2012)

Download the slide deck [PDF]
View the archived session [Adobe Connect]

Both the National Science Foundation and the National Institutes of Health support a number of cyberinfrastructure projects around the country. Researchers and scientists at your campus may participate in one or more such projects (or be interested in doing so).

But what are the policy and technical issues you face in helping your faculty and researchers seamlessly connect with such projects? How can federated identity help and, more importantly, what are the issues and barriers involved? We’ll present a case study from the NIH-funded Indiana Clinical and Translational Science Institute, and a roadmap to using InCommon and federated identity for participating in cyberinfrastructure projects funded by NSF.

Speakers:
Tom Barton, University of Chicago, Moderator
Bill Barnett, Indiana University
Von Welch, Center for Applied Cybersecurity Research, Indiana University

Multifactor Authentication in Higher Education (recorded December 6, 2011)

Session Archive [Adobe Connect]
Session Slides [PDF]

The classic case for multifactor authentication is the need for higher-assurance authentication for transactions that expose the institution to significant risk. Another driver is the desire of some end-users and system administrators to self-select for heightened security. The U.S. Department of Education plans to require two-factor authentication for assets that are part of the Federal Student Aid program. this panel discusses business drivers, technology options, potential barriers, and current implementations of multifactor authentication.

Presenters: Rodney Petersen, EDUCAUSE; Steven Burke, Federal Student Aid, U.S. Dept of Education; Shilen Patel, Duke University; Miguel Soldi, University of Texas System

Governance of Identity and Access Management at Institutions of Higher Education (recorded October 12, 2011)

Session Archive [Adobe Connect]
Session Slides [PDF]

It is widely accepted that "governance" is an important foundation for an effective campus identity and access management program. Getting started in the governance process is typically challenging, as is reconciling related governance processes for IT, information security, and data. Moving towards federated identity management adds additional complexity. This panel explores a variety of governance approaches and will offer advice for getting started, gaining momentum, and sustaining efforts.

Get Schooled on the New Grouper 2.0 (recorded September 14, 2011)

Session Archive [Adobe Connect]
Session Slides [PDF]

Grouper – the open source access management toolkit developed by the Internet2 Middleware Initiative – has reached a major milestone with the release of version 2.0. Tom Barton and Chris Hyzer review the key new features of 2.0, including significant permission management capabilities, and a user interface to manage custom attributes, permissions, limits, and actions.

ECAR's 2011 Study of Identity Management in Higher Education (recorded July 13, 2011)

Session Archive [Adobe Connect]
Session Slides [PDF]

The EDUCAUSE Center for Applied Research has released the findings of its 2011 study of IdM in higher education, which illuminates the state of IdM practices at over 300 institutions. The study builds upon ECAR’s 2006 IdM study and focuses on issues related to authentication, enterprise directory, reduced or single sign-on, automated role- or privilege-based authorization, and federated identity.

Presenters: Rodney Petersen, EDUCAUSE, and Mark Sheehan, EDUCAUSE Center for Applied Research (ECAR)

Grab the Bronze and Silver Ring: Identity Assurance Progress (recorded June 15, 2011)

Session Archive [Adobe Connect]
Session Slides [PDF]

Some service providers may roll out applications requiring a higher Level of Assurance as early as fall 2011. In preparation, InCommon has refined the requirements for the Bronze and Silver identity assurance profiles (IAPs) to better align with the needs of these service providers and support the diversity of Identity Provider environments.

This IAM Online addresses the InCommon Identity Assurance Program, including Bronze and Silver, and what campuses are doing now to adopt these assurance profiles.

Presenters: Tom Barton, Univ. of Chicago; R.L. "Bob" Morgan, Univ. of Washington; Renee Shuey, Penn State

The Challenges of User Consent (recorded May 11, 2011)

Session Archive [Adobe Connect]
Session slides [PDF]

A discussion of potential scalable approaches to user consent and attribute release, coming metadata support from InCommon, plus a demonstration of uApprove. Automating the user consent procedure, combined with metadata-driven attribute release, provides an approach that greatly simplifies this process for all parties, and allows users to reach sites without delay.

Presenters: Tom Barton, Univ. of Chicago; Steve Carmody, Brown University; Russ Beall, Univ. of Southern California

Social Identities, Open IDs and Guest/Affiliate Access (recorded April 13, 2011)

Session Archive (Adobe Connect)
Session Slides (PDF)

Presentations on the pros and cons of using social networking identities or Open IDs to provide guest access to low-risk campus services, including a demo from Penn State.

Presenters: Dedra Chamberlin, University of California Berkeley; Debbie Bucci, National Institutes of Health; Chris Hubing, Penn State

The POP is Your Friend (recorded Mar. 9, 2011)

Session Archive (Adobe Connect)
Session Slides (PDF)

Jacob Farmer shares his popular presentation from InCommon Day CAMPs, where he helps new and almost-new participants use the POP (Participant Operating Practices) as their guide to reviewing their identity management practices in preparation for federating InCommon.

Group Provisioning for Federated Educational Applications (recorded Feb. 9, 2011)

Session Archive (Adobe Connect)
Session Slides (PDF)

Looking at provisioning Google Apps or other off-site services with your campus identity system? This IAM Online will feature two speakers on the topic of group provisioning for higher education.

Nathan Dors will share work being done at the University of Washington in group provisioning, particularly as it relates to syncing campus groups with Google Apps for Education. Tom Zeller from the University of Memphis will discuss ongoing activity in federated provisioning, specifically within the area of SPML (Service Provisioning Markup Language) standards.

A Panel Discussion About Persistent Identifiers for Education (recorded Jan. 12, 2011)

Session Archive (Adobe Connect)
Session Slides (PDF)

A number of factors are coalescing around the need for a globally unique, persistent, non-reassigned, transparent identifier for each individual. There remain a number of difficult technical, policy, and process issues, especially when personal identity, trust, privacy, and accountability must be considered. This panel discussion explored some of the current technology and policy challenges presented by unique identifiers and credentials, as well as opportunities for establishing standards and practices.

Federated Access to Science Services and Infrastructures (recorded Dec. 9, 2010)

Session Archive [Adobe Connect]
Session Slides [PDF]

This session looks at work being done to enable federated access to these services and infrastructures, and lower the barriers for such adoption. Rachana Ananthadrishnan presents on Globus Online and Jim Basney discussed CI Logon.

Live from the EDUCAUSE Annual Conference (recorded Oct. 14, 2010)

Session Archive [Adobe Connect]
Session Slides [PDF]

This session provides an update on the working group's goals, priorities, projects, and volunteer opportunities. It also features a discussion of EDUCAUSE's implementation of federated identity management that allows InCommon members to access online resources and services via members' home institution credentials.

Working with Sponsored Partners (recorded Sept. 16, 2010)

View the archived session [Adobe Connect]
Slides from the presentation (intro slides) [PDF]

Eduroam (recorded July 8, 2010)

View the archived session (Adobe Connect)
Slides from the presentation (PDF)

Handling Affiliate Populations (recorded June 10, 2010)

View the archived Adobe Connect session
Slides from the presentation (PDF)

Toward Common Identity Services (recorded May 13, 2010)

View the archived Adobe Connect session
Slides from the presentation (PDF)

Making Federation Happen (recorded April 8, 2010)

View the archived Adobe Connect session
Slides from the presentation (PDF)

Session overview: John O'Keefe and Joel Cooper demonstrate how schools of all sizes can get started with InCommon and federated identity management, including identifying the specific policy and technical steps that lead to successfully joining InCommon and leveraging your identity management system for use with resource providers.

Provisioning Remote Users (recorded March 11, 2010)

View the archived Adobe Connect session
Slides from the presentation (PDF)

Session overview: Mark Scheible and Lori McNabb explored the general challenges of provisioning remote users and the specific impact of HEOA regulatory requirements that ask accrediting organizations to evaluate college identity procedures for distance education students.

Introduction to Federated Identity Management (recorded February 12, 2010)

View the archived Adobe Connect session
Slides from the presentation (PPT)

Session overview: John O’Keefe discussed how Lafayette College leverages their existing identity management infrastructures to provide single sign-on access to resources both on- and off-campus. He outlined the value of InCommon Federation participation, including the security and privacy benefits, particularly in this era of outsourced services and resources.

---

For more information about IAM Online, contact Dean Woodbeck (Internet2/InCommon) at woodbeck AT internet2 DOT edu

---