InCommon’s mostly monthly webinar series that delivers interactive education on timely IAM topics. Watch it live or catch the recording at your convenience. IAM Online is presented by InCommon and the EDUCAUSE Higher Education Information Security Council.
Hiring for Identity and Access Management
Wednesday, June 10, 2020 2 pm ET / 1 pm CT / Noon MT / 11 am PT
How do we hire for Identity and Access Management? The work requires a wide and diverse skillset and the qualified people already have jobs. Additionally, the COVID-19 pandemic has brought new IAM and budget challenges to higher education, so existing employees are being asked to retrain in these areas.
This webinar will dive into hiring people with the right skills to adapt and learn from the CIO perspective, the core skills to get folks started in IAM from the hiring manager perspective, as well as education and training options to bring new hires up to speed.
Kirk Kelly, Vice President for Information Technology and CIO, Portland State University Erica Lomax, Director of Identity and Access, Oregon State University Jessica Fink, InCommon Advocacy Program Manager Heather Flanagan, IDPro Kevin Morooney, Vice President for Trust and Identity and NET+, Internet2 (Moderator)
Our webinars are held the second Wednesday of every month. They are held at 2 pm ET, 1 pm CT, Noon MT, and 11 am PT.
Wi-Fi access has become critical for universities all over the world. Many research and education organizations have turned to eduroam – the global roaming WiFi service – to help students, faculty, staff, and visitors participate in online learning, research, working, and socializing.
This special edition of IAM Online provides a look at how three organizations have leveraged eduroam to meet these new and emerging needs.
The Utah Education and Telehealth Network (UETN) recently completed a pilot to provide eduroam at K-12 school districts – a pilot that is now paying dividends
The University of Florida has deployed eduroam in some public locations to serve its constituents
The University of Delaware is developing ways to provide enhanced mapping of eduroam hotspots to their community
Attend this IAM Online and learn how these organizations are creatively expanding the use and deployment of eduroam.
Mike Zawacki, Internet2
Saira Hasnain, University of Florida
Sharon Pitt, University of Delaware
Jeff Egly, UETN
Simplifying Federated Access to Scholarly Content and Services (May 2020)
View the recording (YouTube) (note – the slides freeze partway through, but audio is available throughout)
Federated access to scholarly content and services for campus users is more important than ever. Campus stakeholders have vested interested in seeing this done well, but often use different language and focus on different aspects of the technology. This webinar will highlight how different groups on campus are approaching support for users and how the scholarly communications industry is using federated technology like SeamlessAccess and GetFTR to enable access.
Moderator Heather Flanagan
Speakers: Lisa Hinchliffe – Professor/Coordinator for Information Literacy Services and Instruction in the University Library, University of Illinois at Urbana-Champaign.
Ralph Youngen – In his current role at the American Chemical Society, Ralph focuses both on internal technology strategy and external partnerships for the benefit of ACS Publications and the broader research community.
Two-factor authentication provides a straightforward way to increase the security of online systems and resources. Implementation may not be as straightforward. Join this IAM Online to hear about the implementation challenges and successes, including adopting the technology, by three community members.
The webinar builds on a recent paper developed by a number of community members through the EDUCAUSE Higher Education Information Security Council, and provides an interactive platform to engage with the authors.
Moderator Tom Barton, University of Chicago and Internet2
Presenters Lorrie Burroughs, Georgia Institute of Technology Hank Foss, Sacred Heart University Moeen Taj, Montgomery College
Case Studies – Solving IAM Challenges with Community-Built Software (March 2020)
Are you interested in how community-built software and services can solve your identity and access management challenges — such as lifecycle management or easing provisioning and deprovisioning concerns? Learn how organizations are solving these and other challenges in this IAM Online. We’ll bring you three case studies from schools participating in InCommon’s 2020 Collaboration Success Program (CSP).
These organizations have access to training, software experts and (most important) one-another as they work through adoption and implementation. They are using the InCommon Trusted Access Platform, the community-developed identity and access management suite.
You’ll hear about:
an identity and lifecycle management project and how midPoint will play an integral part
an access management use case and how Grouper is saving the day
demonstrating how the software can contribute to the development of a long-term IAM roadmap
Tommy Doan, Southern Methodist University Ethan Kromhout, University of North Carolina – Chapel Hill Lacey Vickery, University of North Carolina – Charlotte
Keith Hazelton, Internet2
Community Plans and Priorities for 2020 (February 2020)
Do you wonder where the next set of identity and access management priorities and features come from? Would you like to know what’s in the works for 2020?
Key InCommon advisory groups develop work plans each year, inviting comments and suggestions from community members. Join us for this IAM Online to hear about the service enhancements that might be coming down the pike.
The chairs of each of these key advisory groups will discuss work plans for 2020 and how those might impact InCommon and the broad identity and access management community.
Kevin Morooney, Vice President for Trust and Identity Services and NET+, Internet2
Presenters David Bantz, University of Alaska (CTAB) Janemarie Duh, Lafayette College (TAC) Tom Jordan, University of Wisconsin-Madison (CACTI)
Passwordless Authentication with Shibboleth and WebAuthN (January 2020)
Our first IAM Online of 2020 will provide another method of passwordless authentication; this one developed by Duke University.
Duke has integrated its Shibboleth Identity Provider with WebAuthn to allow one-step, passwordless multi-factor authentication. In this session we’ll discuss the evolution of this pilot, including:
Proof of concept
Iterations, the feedback they generated, and resulting changes
For each of these phases, we’ll discuss challenges, lessons learned, and policy decisions that helped us move forward. We’ll wrap up with recommendations about how to make passwordless authentication a reality at your institution, including some thoughts about technical and political challenges and strategies for moving through those issues.
—– Presenters Mary McKee, Duke University Shilen Patel, Duke University
Baseline Expectations v2 – Continuing to Raise the Bar (Dec. 2019)
Earlier this year, InCommon participants reached 100% adherence to Baseline Expectations for Trust in Federation, a community-driven effort to raise the trust in the InCommon Federation by requiring certain practices and elements in metadata.
The InCommon Community Trust and Assurance Board (CTAB) has begun plans for the second round of Baseline Expectations. After surveying the community and extensive discussions, CTAB is ready to propose Baseline version 2. Join us to hear about the process and the potential requirements.
David Bantz, University of Alaska
Albert Wu, InCommon Federation Service Manager
Capping a multi-year effort to move away from passwords, Stanford University has deployed the final component: client certificates that strongly authenticate both the user and the device. This process is integrated with the university’s Shibboleth identity provider and also requires a two-factor login once every 90 days.
Michael Duff, chief information security officer at Stanford, will describe why the university took this approach and lessons learned during the journey. He will also discuss the underlying systems and key design decisions mode over the six-year project. Join us to hear this story of “safer and simpler computing,” which dramatically improves security and the user experience.
Michael Duff, Stanford University
Tom Barton (moderator), University of Chicago and Internet2
Containerization: Streamlining Operations and Reducing Downtime (October 2019)
What is all the fuss about Docker and containers, anyhow? What are the advantages of using containerized versions of Shibboleth and Grouper provided by the InCommon Trusted Access Platform? Why might you want to “Dockerize” other in-house applications and services? How can you get started?
Learn how the University of Maryland Baltimore County (UMBC) streamlined operations and reduced downtime by moving the Shibboleth Identity Provider from standalone VMs to Docker containers. We’ll discuss what motivated this, how UMBC introduced Docker to its existing environment, how they ultimately transitioned to a container-only deployment, and what’s ahead. Hear about UMBC’s initial roll-out of Grouper using the InCommon Trusted Access Platform and plans to migrate the campus ERP software (PeopleSoft) to containers.
Real-world Experience Moving IdM to the Cloud at Illinois (Sept 2019)
Are you considering moving some or all of your identity management infrastructure to the cloud? Want to know more about using containerized software?
Learn how Illinois chose their path to leverage “the cloud” and their “cloud-first” strategy. The implementation team at the University of Illinois at Urbana-Champaign will share their path to deployment of access management software in the cloud. What started as a Grouper product evaluation led to adapting the InCommon Trusted Access Platform into a continuous integration and continuous development “DevOps” process using low- or no-cost open-source tools.
Hear about the successful deployment of Grouper and planned migration of the Shibboleth IdP infrastructure to Docker containers in AWS using the Elastic Container Service “Fargate.” This presentation revisits our popular presentation and demo at the 2018 Internet2 Global Summit as an update of sorts with our current state of affairs.
Erik Coleman, University of Illinois at Urbana-Champaign
Keith Wessel, University of Illinois at Urbana-Champaign
We’re moving your metadata, not your cheese – a webinar on the release of the production candidate service (July 2019)
July 9, 2019
InCommon moves its new metadata service into production on July 9 (as a release candidate for early adoption). This new service – called per-entity metadata or metadata query (MDQ) – will significantly reduce resource utilization on participants’ federation deployments by providing a new way to retrieve metadata.
The Shibboleth Consortium is an international non-profit consortium that is responsible for the development, support, maintenance, and strategic direction of the Shibboleth software, which is prevalent in InCommon and federations worldwide.
In the two years since the Consortium was last presented at IAM Online, its membership has grown significantly, largely from US institutions joining. The growth in membership has placed the Consortium on a stronger financial footing, and enabled expansion in the development team.
As we move into the second quarter of 2019, this webinar will provide a short update on the status of the Consortium before moving to present the Shibboleth development roadmap for the next 12 months, seeking feedback from the community of users.
Scott Cantor (Ohio State), Shibboleth Developer and Board Member
Are you interested in exploring ways that federation and identity management can be easier for research projects, virtual organizations, and other collaborations? Join us to learn about two new services: CILogon’s subscription federated identity platform, and GÉANT’s eduTEAMS service for managing user membership and access rights.
CILogon’s new subscription service offers a hosted federated identity and collaboration management platform for research projects on campus. Developed under funding from the National Science Foundation and the Department of Energy, CILogon’s open source software-as-a-service platform builds on the Shibboleth and COmanage software.
Leveraging the ubiquitous presence of eduGAIN federated identities, eduTEAMS – a service provided by GÉANT – enables communities to securely access and share common resources and services. Implementing the AARC Blueprint Architecture, eduTEAMS provides a central point for communities to manage user membership and access rights, connect services and identity providers and centrally apply access policies.
Tom Barton, Moderator, University of Chicago and Internet2
Jim Basney, Senior Research Scientist, National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign
Christos Kanellopoulos, Senior Trust and Identity Manager, GÉANT
OpenID Connect and OAuth in the R&E community (Dec. 2018)
How are trust and identity initiatives shaping the adoption of OpenID Connect (OIDC) and OAuth 2.0 technologies within and for the research and education community? How can home organizations and research projects ensure these technologies deliver what we need for use cases involving multiple institutions? Llearn how InCommon, REFEDS, GÉANT, and others are coordinating efforts to influence the evolution of these technologies, including the creation of a R&E working group within the OpenID Foundation. Attendees will learn practical ways to navigate this landscape, with recommended actions to plan for in 2019.
Rachana Ananthakrishnan, Globus
Roland Hedberg, Catalogix
David Vaghetti, Consortium GARR
Albert Wu, InCommon/Internet2
Nathan Dors, University of Washington
IAM Access Governance and Grouper 2.4 (Sept. 2018)
Interested in the Internet2 IAM software suite (a.k.a. TIER)? Planning on deploying or upgrading Grouper? Join us for the next IAM Online, which will focus on the TIER access governance strategy described in the Grouper Deployment Guide, a comprehensive document developed collaboratively by and for the trust and identity community.
Bill Thompson will lead you through these topics and touch on the container-based architecture of the Internet2 TIER packaged software. In addition, Chris Hyzer will touch on the features and changes in the new Grouper release (v2.4).
Chris Hyzer, University of Pennsylvania
Bill Thompson, Lafayette College
Michael Gettes, University of Florida
Identity Matching: How to know who’s who (Aug. 2018)
Identity Matching is an essential part of any institution’s identity management processes. When a new student or employee enters the system, are they already known from a previous affiliation? What if an error is corrected later in their identity data? How does the system detect possible duplicate identities later? Doing identity matching well is really hard, but preventing duplicate identities or cases of mistaken identity can lead to some sticky situations.
In this IAM Online, you’ll hear from two speakers with ideas to help you improve your identity matching practices. Summer Scanlan will talk about some of the procedures used at the University of California, Berkeley for identity matching and her work to continue to improve them. Ben Oshrin from Spherical Cow Group will explain the technology behind identity matching and give a sneak peek at identity matching work coming out of Internet2’s TIER initiative.
Benn Oshrin, Spherical Cow Group
Summer Scanlan, University of California, Berkeley
Keith Wessel, University of Illinois at Urbana-Champaign