InCommon’s mostly monthly webinar series that delivers interactive education on timely IAM topics. Watch it live or catch the recording at your convenience. IAM Online is presented by InCommon and the EDUCAUSE Higher Education Information Security Council.
Community Plans and Priorities for 2020
Wednesday, February 12, 2020
2 pm ET / 1 pm CT / Noon MT / 11 am PT
Download the slides (PDF)
View the archived webinar (YouTube)
Do you wonder where the next set of identity and access management priorities and features come from? Would you like to know what’s in the works for 2020?
Key InCommon advisory groups develop work plans each year, inviting comments and suggestions from community members. Join us for this IAM Online to hear about the service enhancements that might be coming down the pike.
The chairs of each of these key advisory groups will discuss work plans for 2020 and how those might impact InCommon and the broad identity and access management community.
Kevin Morooney, Vice President for Trust and Identity Services and NET+, Internet2
David Bantz, University of Alaska (CTAB)
Janemarie Duh, Lafayette College (TAC)
Tom Jordan, University of Wisconsin-Madison (CACTI)
Our webinars are held the second Wednesday of every month. They are held at 2 pm ET, 1 pm CT, Noon MT, and 11 am PT.
Recent IAM Online topics and recordings
Check out the YouTube IAM Online channel, in cooperation with our European partner GEANT.
Our most recent webinars are listed here.
January 15, 2020
Our first IAM Online of 2020 will provide another method of passwordless authentication; this one developed by Duke University.
Duke has integrated its Shibboleth Identity Provider with WebAuthn to allow one-step, passwordless multi-factor authentication. In this session we’ll discuss the evolution of this pilot, including:
- Initial drivers
- Proof of concept
- Early release
- Iterations, the feedback they generated, and resulting changes
For each of these phases, we’ll discuss challenges, lessons learned, and policy decisions that helped us move forward. We’ll wrap up with recommendations about how to make passwordless authentication a reality at your institution, including some thoughts about technical and political challenges and strategies for moving through those issues.
Mary McKee, Duke University
Shilen Patel, Duke University
December 4, 2019
Earlier this year, InCommon participants reached 100% adherence to Baseline Expectations for Trust in Federation, a community-driven effort to raise the trust in the InCommon Federation by requiring certain practices and elements in metadata.
The InCommon Community Trust and Assurance Board (CTAB) has begun plans for the second round of Baseline Expectations. After surveying the community and extensive discussions, CTAB is ready to propose Baseline version 2. Join us to hear about the process and the potential requirements.
David Bantz, University of Alaska
Albert Wu, InCommon Federation Service Manager
November 13, 2019
Capping a multi-year effort to move away from passwords, Stanford University has deployed the final component: client certificates that strongly authenticate both the user and the device. This process is integrated with the university’s Shibboleth identity provider and also requires a two-factor login once every 90 days.
Michael Duff, chief information security officer at Stanford, will describe why the university took this approach and lessons learned during the journey. He will also discuss the underlying systems and key design decisions mode over the six-year project. Join us to hear this story of “safer and simpler computing,” which dramatically improves security and the user experience.
Michael Duff, Stanford University
Tom Barton (moderator), University of Chicago and Internet2
October 9, 2019
Download the slides (PDF)
View the recording
What is all the fuss about Docker and containers, anyhow? What are the advantages of using containerized versions of Shibboleth and Grouper provided by the InCommon Trusted Access Platform? Why might you want to “Dockerize” other in-house applications and services? How can you get started?
Learn how the University of Maryland Baltimore County (UMBC) streamlined operations and reduced downtime by moving the Shibboleth Identity Provider from standalone VMs to Docker containers. We’ll discuss what motivated this, how UMBC introduced Docker to its existing environment, how they ultimately transitioned to a container-only deployment, and what’s ahead. Hear about UMBC’s initial roll-out of Grouper using the InCommon Trusted Access Platform and plans to migrate the campus ERP software (PeopleSoft) to containers.
Download the slides (PDF)
View the recording (YouTube)
September 11, 2019
Are you considering moving some or all of your identity management infrastructure to the cloud? Want to know more about using containerized software?
Learn how Illinois chose their path to leverage “the cloud” and their “cloud-first” strategy. The implementation team at the University of Illinois at Urbana-Champaign will share their path to deployment of access management software in the cloud. What started as a Grouper product evaluation led to adapting the InCommon Trusted Access Platform into a continuous integration and continuous development “DevOps” process using low- or no-cost open-source tools.
Hear about the successful deployment of Grouper and planned migration of the Shibboleth IdP infrastructure to Docker containers in AWS using the Elastic Container Service “Fargate.” This presentation revisits our popular presentation and demo at the 2018 Internet2 Global Summit as an update of sorts with our current state of affairs.
Erik Coleman, University of Illinois at Urbana-Champaign
Keith Wessel, University of Illinois at Urbana-Champaign
July 9, 2019
InCommon moves its new metadata service into production on July 9 (as a release candidate for early adoption). This new service – called per-entity metadata or metadata query (MDQ) – will significantly reduce resource utilization on participants’ federation deployments by providing a new way to retrieve metadata.
Download the slides (PDF)
View the recording
Wednesday, April 10, 2019
The Shibboleth Consortium is an international non-profit consortium that is responsible for the development, support, maintenance, and strategic direction of the Shibboleth software, which is prevalent in InCommon and federations worldwide.
In the two years since the Consortium was last presented at IAM Online, its membership has grown significantly, largely from US institutions joining. The growth in membership has placed the Consortium on a stronger financial footing, and enabled expansion in the development team.
As we move into the second quarter of 2019, this webinar will provide a short update on the status of the Consortium before moving to present the Shibboleth development roadmap for the next 12 months, seeking feedback from the community of users.
- Scott Cantor (Ohio State), Shibboleth Developer and Board Member
- Justin Knight (Jisc), Shibboleth Consortium Manager
March 20, 2019
Are you interested in exploring ways that federation and identity management can be easier for research projects, virtual organizations, and other collaborations? Join us to learn about two new services: CILogon’s subscription federated identity platform, and GÉANT’s eduTEAMS service for managing user membership and access rights.
CILogon’s new subscription service offers a hosted federated identity and collaboration management platform for research projects on campus. Developed under funding from the National Science Foundation and the Department of Energy, CILogon’s open source software-as-a-service platform builds on the Shibboleth and COmanage software.
Leveraging the ubiquitous presence of eduGAIN federated identities, eduTEAMS – a service provided by GÉANT – enables communities to securely access and share common resources and services. Implementing the AARC Blueprint Architecture, eduTEAMS provides a central point for communities to manage user membership and access rights, connect services and identity providers and centrally apply access policies.
- Tom Barton, Moderator, University of Chicago and Internet2
- Jim Basney, Senior Research Scientist, National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign
- Christos Kanellopoulos, Senior Trust and Identity Manager, GÉANT
December 12, 2018
How are trust and identity initiatives shaping the adoption of OpenID Connect (OIDC) and OAuth 2.0 technologies within and for the research and education community? How can home organizations and research projects ensure these technologies deliver what we need for use cases involving multiple institutions? Llearn how InCommon, REFEDS, GÉANT, and others are coordinating efforts to influence the evolution of these technologies, including the creation of a R&E working group within the OpenID Foundation. Attendees will learn practical ways to navigate this landscape, with recommended actions to plan for in 2019.
- Rachana Ananthakrishnan, Globus
- Roland Hedberg, Catalogix
- David Vaghetti, Consortium GARR
- Albert Wu, InCommon/Internet2
- Nathan Dors, University of Washington
September 12, 2018
Interested in the Internet2 IAM software suite (a.k.a. TIER)? Planning on deploying or upgrading Grouper? Join us for the next IAM Online, which will focus on the TIER access governance strategy described in the Grouper Deployment Guide, a comprehensive document developed collaboratively by and for the trust and identity community.
Bill Thompson will lead you through these topics and touch on the container-based architecture of the Internet2 TIER packaged software. In addition, Chris Hyzer will touch on the features and changes in the new Grouper release (v2.4).
- Chris Hyzer, University of Pennsylvania
- Bill Thompson, Lafayette College
- Michael Gettes, University of Florida
August 8, 2018
Identity Matching is an essential part of any institution’s identity management processes. When a new student or employee enters the system, are they already known from a previous affiliation? What if an error is corrected later in their identity data? How does the system detect possible duplicate identities later? Doing identity matching well is really hard, but preventing duplicate identities or cases of mistaken identity can lead to some sticky situations.
In this IAM Online, you’ll hear from two speakers with ideas to help you improve your identity matching practices. Summer Scanlan will talk about some of the procedures used at the University of California, Berkeley for identity matching and her work to continue to improve them. Ben Oshrin from Spherical Cow Group will explain the technology behind identity matching and give a sneak peek at identity matching work coming out of Internet2’s TIER initiative.
- Benn Oshrin, Spherical Cow Group
- Summer Scanlan, University of California, Berkeley
- Keith Wessel, University of Illinois at Urbana-Champaign