InCommon Academy
InCommon’s mostly monthly webinar series that delivers interactive education on timely IAM topics. See our YouTube channel (combined with our European friends GÉANT) for past webinars.
Please note: If you have already registered for a previous IAM Online, you will automatically receive Zoom coordinates for current and future IAM Online webinars – you only need to register once! The connection details will be emailed directly to all registrants on the morning of the event.
Register for Upcoming Webinars
Haven’t attended an IAM Online in 2022? Register Now.*
Going Password-Free at UNC: Design, Decisions, and Development
October 19, 2022, at 1 p.m.
University of North Carolina at Chapel Hill is on its way towards having passwordless logins. Seven months ago, the university launched a pilot to test its implementation of WebAuthn, known locally as Carolina Key. This new feature of the UNC web-based single sign-on (SSO) utilizes device-specific authentications, such as hardware security keys and fingerprint or face recognition. Carolina Key eliminates the need to use passwords when logging into many web applications. Students can begin registering devices for Carolina Key at the end of this month while this option will be available for faculty and staff in 2023.
Software Engineer Tariq Wilson will discuss the design of, and key decisions made during, the development process. Learn how they might be applicable as you consider making passwordless authentication a reality at your institution.
Speaker: Tariq Wilson, software engineer, Identity Management Team, University of North Carolina at Chapel Hill
Moderator: Steven Zoppi, associate vice president, Services Integration and Architecture, Internet2
Send us your ideas for future IAM Online webinars! We welcome suggestions from community members who have a timely Identity and Access Management topic to share with their fellow IAM peers and/or would like to recommend a colleague to present.
Suggest an idea or topic.
Recent IAM Online topics and recordings
Check out the YouTube IAM Online channel, in cooperation with our European partner GÉANT. Our most recent webinars are listed here.
Watch the Video
The last year has seen some big changes for the eduroam service, from new infrastructure to new user interface to new ways to deploy eduroam at scale for new communities. We provided you an overview of what’s changed, how it’s changed, and features and capabilities that are coming soon to your eduroam.
For this month’s IAM Online, we provided sessions from InCommon BaseCAMP 2022 held June 6-10, 2022. These videos were available for viewing in lieu of live programming:
DevOps in 10
Presenter: Dave Shafer, DevOps Manager, Trust and Identity, Internet2
Come for the Certificates, Stay for the Sirtfi
Presenter: Kyle Lewis, Chief of Governance and Risk Management, Research Data And Communication Technologies (RDCT)
TAP into Containers: Getting Started with the InCommon Trusted Access Platform
Presenter: Grady Bailey, Software Engineer, The University of Texas at Austin
Staying Engaged with Your Community
Presenter: Ann West, AVP, Trust & Identify, Internet2
Enjoy these great “strikes” of insight from BaseCAMP 2022!
Watch the Video
What would it take to rid the world of passwords? This question has been asked for many years and led to standards like U2F, UAF, FIDO2, and WebAuthn. We’re now in 2022, adoption is still low, and 2FA phishing is on the rise. As an industry, we have all the pieces and plumbing, so how do we enable strong, phishing-resistant authentication for the masses who don’t have security keys?
We’ll look at the evolving landscape for strong, phishing-resistant authentication and take a deep dive on passkey—the experiences it enables and the standards that are making it possible. We’ll also have an open discussion on what this means for the education community.
Speaker: Tim Cappalli, Identity Standards Architect, Microsoft Identity
Moderator: Heather Flanagan, Technical Liaison for SeamlessAccess and Principal at Spherical Cow Consulting
Watch the Video
Identity and Access Management (IAM) is a core component of an institution’s technical infrastructure. However, the journey of determining your path toward successful IAM implementation can be overwhelming at times. That’s where the Collaboration Success Program (CSP) comes in to help. Whether you are just starting to brainstorm your lAM roadmap or you’re ready to move your implementation plans forward, we have you covered with the CSP. Our presenters shared their experiences with how the program is helping them to achieve their IAM goals.
In an ever-changing higher education landscape, trust and identity are vital components for managing how researchers, students, librarians, staff, and others are identified, authenticated, and authorized to access tools and resources vital to their jobs. At the helm, those in information technology leadership positions are posed with an immense question – how do I make that happen at my institution? This in-depth webinar was held with chief information officers who have implemented identity and access management (IAM) solutions for strategic connections and collaboration across their campuses and beyond. They discussed how their IAM journey started, innovative solutions implemented by their teams, and what the future holds in the realm of identity.
Moderator: Kevin Morooney, vice president for Trust and Identity Services & NET+, Internet2
Panelists*:
Bernard Gulachek, vice president and chief information officer, University of Minnesota
Dave Robinson, chief information officer, Grinnell College
This month’s IAM Online event consisted of Higher Education Community Vendor Assessment Toolkit (HECVAT), which is an outstanding example of “community good.” Begun in 2016 as the EDUCAUSE Shared Assessments Working Group, the HECVAT has morphed into the go-to toolkit for third-party, cloud, on-prem, and supply chain risk assessments in higher education. This year, 2021, is a transformational year for the HECVAT. The HECVAT team partnered with InCommon TAC on updating the HECVAT questions in 2021. IAM Online this month went over HECVAT, the IAM questions, and how the InCommon Community can engage with their campuses on the cloud.
Speakers: Jon Allen, Associate Vice President CIO & CISO – Baylor University;
Josh Callahan, Information Security Officer – Humboldt State University;
Charlie Escue, Manager, Extended Information Security – Indiana University;
Brian Kelly, Cybersecurity Program Director – EDUCAUSE;
Nick Lewis, Program Manager, NET+ Cloud Services – Security and Identity – Internet2;
Mary McKee, Director, Identity Management and Security Services – Duke University.
View the presentation | Watch the video
Over the last few years, we have all observed how browsers have stepped up to support user privacy. Unfortunately, that is coming at a significant cost for things like Single Sign-on and Federated Identity. In this session, we talked about the latest changes, timelines, and how individuals and organizations can learn more and prepare their services for the changing landscape.
Speaker: Heather Flanagan, Technical Liaison for SeamlessAccess; Principal at Spherical Cow Consulting
For this month’s IAM Online, we provided sessions from from CAMP WEEK held Oct. 4-8, 2021. These videos were available for viewing in lieu of live programming:
Hosted Solutions, Federation Adapters, Evaluating Cloud Solutions
NIH and You: MFA, Identity Assurance, and Coming Requirements
View the recording | Download the slides
Are you wondering how some of the decisions are made for the products and services coming out of InCommon? Would you like to get more involved or just learn about upcoming plans and how to provide input? In this IAM Online, that’s exactly what you’ll learn about. Presenters sthe work plans and upcoming projects from each of the InCommon working groups and ways that you can be part of the action.
View the recording | Download the slides
Trust and security are what we live and breathe in our community. Many will recall the SolarWinds incident from late 2020, and the discussion of “golden tickets” and other downstream impacts that permeated the cybersecurity world. Members of the Internet2 Community Architecture Committee for Trust and Identity (CACTI) held an R&E community-focused discussion on impacts and paths forward, including what the community can do to help itself prevent these types of attacks against our own software, infrastructure, and deployments.
View the recording | Download the slides
In this IAM Online session, Jim Basney and Scott Koranda from the CILogon project at the University of Illinois provided an introduction to the current CILogon open source IAM-as-a-Service platform (using COmanage, Grouper, pyFF, SATOSA, and Shibboleth) and described CILogon’s multiple cloud provider integrations for NSF CloudBank and CILogon’s Gen3/GA4GH integrations for Australian BioCommons, in collaboration with the Australian Access Federation.
This online event featured IAM super trio Tommy Doan of Southern Methodist University; Lacey Vickery of the University of North Carolina-Charlotte; and Keith Wessel of the University of Illinois-Urbana-Champaign. They shared how the Collaboration Success Program helped them to make headway on their recent projects and roadmaps.
Wednesday, May 12, 2021
The National Institutes of Health (NIH) has publicized new requirements (MFA and Research & Scholarship attributes) for accessing its electronic Research Administration modules, but has also signaled coming changes to identity proofing and assurance for other applications; specifically using the REFEDS Assurance Framework (RAF v1) (https://refeds.org/assurance).
As a result, the InCommon Assured Access Working Group (AAWG) has developed guidance for US higher-ed institutions on meeting the REFEDS Assurance Framework. The May IAM Online provided a summary of the recommendations so you can begin working on your own campus on increasing your identity assurance and meeting new requirements from NIH programs and services.
Presenters
Brett Bieber, University of Nebraska; chair, InCommon Assured Access Working Group
Tom Barton, University of Chicago and Internet2
Download the slides
View the recording (YouTube)
The April IAM Online features a discussion of new and ongoing requirements for federating with the National Institutes of Health, and a look at an InCommon working group developing related guidance on identity proofing and authentication requirements.
The March IAM Online webinar featured an overview and discussion of the newly minted eduroam (US) Best Practices Guide, produced by the eduroam-US Advisory Committee. The guide examines tools and strategies for deploying and running eduroam in an interoperable and scalable way. Authors of the guide discusseds the origins, development, and content of the guide.
Presenters
Andrew Buker, University of Nebraska
Jeff Egly, Utah Education and Telehealth Network
Rob Gorrell, University of North Carolina at Greensboro
Neil Johnson, University of Iowa
Kim Owen, North Dakota State University
Mike Zawacki, Internet2, moderator
Are you considering reorganizing, reorienting, or expanding your IAM team? Or would you like to make that case?
Tune in to the February IAM Online and hear how and why the University of Minnesota expanded its Identity and Access Management team from three to eighteen and counting. From CIO Bernie Gulechek to the IAM boots on the ground, you’ll hear about the organizational journey and experience the highs and lows of our evolving structure. Even if you aren’t thinking about this right now, the webinar could spark ideas on how your campus team could be organized.
Presenters
Christopher Bongaarts, Identity and Access Management, University of Minnesota
KT Cragg, Product Owner, Access & Active Directory Teams, University of Minnesota
Bernard Gulechek, VP and CIO, University of Minnesota
Kevin Morooney, Internet2 (moderator)
The National Science Foundation has announced another Campus Cyberinfrastructure funding program and it again includes InCommon Federation requirements. Are you planning to respond to the National Science Foundation Campus Cyberinfrastructure (CC*) solicitation? Looking to better support inter-institutional academic collaboration? Would you like information on including federation capabilities to your cyberinfrastructure plans?
If you answer “yes” or even “maybe” to any of these questions, join us for a webinar to learn more about developing Campus Cyberinfrastrcture (CI) plans and how to support the InCommon Federation requirements. Three organizations will share their previously funded CI plans.
Tom Barton, University of Chicago and Internet2
Klara Jelinkova, Vice President for International Operations and IT, Rice University
Marc Wallman, Vice President for Information Technology, North Dakota State University
Download the slides (PDF)
View the recording (YouTube)
Everyone has wrestled with the various aspects of COVID-19, including reopening of campuses and businesses and the resulting need for testing and tracing, and related concerns such as building access and monitoring. The University of Illinois built the Safer Illinois application to support the university community during COVID-19. The app features personalized testing locations and results, verification of building access, and optional alerts to notify an individual of possible exposures.
Edward Delaporte, Manager, Cybersecurity Software Development & Assurance, University of Illinois
Isaac Galvan, Senior Application Developer, University of Illinois
Keith Wessel, IAM Architect, University of Illinois
View the recording (YouTube)
In our new virtual world created by COVID, we have webinars and Zoom calls and virtual conferences, but we don’t have those hallway spaces for people to tell their individual stories on how they got involved in the community and how you can, too.
This IAM Online will focus on the origin stories of our community members: why they got involved and the benefits of working together to solve common issues and challenges. You will also hear about how the IAM community organizes itself through InCommon to explore issues and solutions.
Judith Bush, OCLC
Rob Carter, Duke University
Tommy Doan, Southern Methodist University
Rob Gorrell, University of North Carolina at Greensboro
Jon Miner, University of Wisconsin-Madison
Laura Paglione, Spherical Cow Group
Jessica Fink, InCommon/Internet2 (moderator)
How do we hire for Identity and Access Management? The work requires a wide and diverse skillset and the qualified people already have jobs. Additionally, the COVID-19 pandemic has brought new IAM and budget challenges to higher education, so existing employees are being asked to retrain in these areas.
This webinar will dive into hiring people with the right skills to adapt and learn from the CIO perspective, the core skills to get folks started in IAM from the hiring manager perspective, as well as education and training options to bring new hires up to speed.
Kirk Kelly, Vice President for Information Technology and CIO, Portland State University
Erica Lomax, Director of Identity and Access, Oregon State University
Jessica Fink, InCommon Advocacy Program Manager
Heather Flanagan, IDPro
Kevin Morooney, Vice President for Trust and Identity and NET+, Internet2 (Moderator)
Wi-Fi access has become critical for universities all over the world. Many research and education organizations have turned to eduroam – the global roaming WiFi service – to help students, faculty, staff, and visitors participate in online learning, research, working, and socializing.
This special edition of IAM Online provides a look at how three organizations have leveraged eduroam to meet these new and emerging needs.
Attend this IAM Online and learn how these organizations are creatively expanding the use and deployment of eduroam.
Moderator
Mike Zawacki, Internet2
Presenters
Saira Hasnain, University of Florida
Sharon Pitt, University of Delaware
Jeff Egly, UETN
May 13, 2020
Federated access to scholarly content and services for campus users is more important than ever. Campus stakeholders have vested interested in seeing this done well, but often use different language and focus on different aspects of the technology. This webinar will highlight how different groups on campus are approaching support for users and how the scholarly communications industry is using federated technology like SeamlessAccess and GetFTR to enable access.
Moderator
Heather Flanagan
Speakers:
Lisa Hinchliffe – Professor/Coordinator for Information Literacy Services and Instruction in the University Library, University of Illinois at Urbana-Champaign.
Ralph Youngen – In his current role at the American Chemical Society, Ralph focuses both on internal technology strategy and external partnerships for the benefit of ACS Publications and the broader research community.
April 8, 2020
Two-factor authentication provides a straightforward way to increase the security of online systems and resources. Implementation may not be as straightforward. Join this IAM Online to hear about the implementation challenges and successes, including adopting the technology, by three community members.
The webinar builds on a recent paper developed by a number of community members through the EDUCAUSE Higher Education Information Security Council, and provides an interactive platform to engage with the authors.
Moderator
Tom Barton, University of Chicago and Internet2
Presenters
Lorrie Burroughs, Georgia Institute of Technology
Hank Foss, Sacred Heart University
Moeen Taj, Montgomery College
March 11, 2020
Are you interested in how community-built software and services can solve your identity and access management challenges — such as lifecycle management or easing provisioning and deprovisioning concerns? Learn how organizations are solving these and other challenges in this IAM Online. We’ll bring you three case studies from schools participating in InCommon’s 2020 Collaboration Success Program (CSP).
These organizations have access to training, software experts and (most important) one-another as they work through adoption and implementation. They are using the InCommon Trusted Access Platform, the community-developed identity and access management suite.
You’ll hear about:
Presenters
Tommy Doan, Southern Methodist University
Ethan Kromhout, University of North Carolina – Chapel Hill
Lacey Vickery, University of North Carolina – Charlotte
Moderator
Keith Hazelton, Internet2
February 12, 2020
Download the slides (PDF)
View the archived webinar (YouTube)
Do you wonder where the next set of identity and access management priorities and features come from? Would you like to know what’s in the works for 2020?
Key InCommon advisory groups develop work plans each year, inviting comments and suggestions from community members. Join us for this IAM Online to hear about the service enhancements that might be coming down the pike.
The chairs of each of these key advisory groups will discuss work plans for 2020 and how those might impact InCommon and the broad identity and access management community.
—–
Moderator
Kevin Morooney, Vice President for Trust and Identity Services and NET+, Internet2
Presenters
David Bantz, University of Alaska (CTAB)
Janemarie Duh, Lafayette College (TAC)
Tom Jordan, University of Wisconsin-Madison (CACTI)
January 15, 2020
Our first IAM Online of 2020 will provide another method of passwordless authentication; this one developed by Duke University.
Duke has integrated its Shibboleth Identity Provider with WebAuthn to allow one-step, passwordless multi-factor authentication. In this session we’ll discuss the evolution of this pilot, including:
For each of these phases, we’ll discuss challenges, lessons learned, and policy decisions that helped us move forward. We’ll wrap up with recommendations about how to make passwordless authentication a reality at your institution, including some thoughts about technical and political challenges and strategies for moving through those issues.
December 4, 2019
Earlier this year, InCommon participants reached 100% adherence to Baseline Expectations for Trust in Federation, a community-driven effort to raise the trust in the InCommon Federation by requiring certain practices and elements in metadata.
The InCommon Community Trust and Assurance Board (CTAB) has begun plans for the second round of Baseline Expectations. After surveying the community and extensive discussions, CTAB is ready to propose Baseline version 2. Join us to hear about the process and the potential requirements.
Presenters
David Bantz, University of Alaska
Albert Wu, InCommon Federation Service Manager
November 13, 2019
Capping a multi-year effort to move away from passwords, Stanford University has deployed the final component: client certificates that strongly authenticate both the user and the device. This process is integrated with the university’s Shibboleth identity provider and also requires a two-factor login once every 90 days.
Michael Duff, chief information security officer at Stanford, will describe why the university took this approach and lessons learned during the journey. He will also discuss the underlying systems and key design decisions mode over the six-year project. Join us to hear this story of “safer and simpler computing,” which dramatically improves security and the user experience.
Presenters
Michael Duff, Stanford University
Tom Barton (moderator), University of Chicago and Internet2
October 9, 2019
Download the slides (PDF)
View the recording
What is all the fuss about Docker and containers, anyhow? What are the advantages of using containerized versions of Shibboleth and Grouper provided by the InCommon Trusted Access Platform? Why might you want to “Dockerize” other in-house applications and services? How can you get started?
Learn how the University of Maryland Baltimore County (UMBC) streamlined operations and reduced downtime by moving the Shibboleth Identity Provider from standalone VMs to Docker containers. We’ll discuss what motivated this, how UMBC introduced Docker to its existing environment, how they ultimately transitioned to a container-only deployment, and what’s ahead. Hear about UMBC’s initial roll-out of Grouper using the InCommon Trusted Access Platform and plans to migrate the campus ERP software (PeopleSoft) to containers.
Download the slides (PDF)
View the recording (YouTube)
September 11, 2019
Are you considering moving some or all of your identity management infrastructure to the cloud? Want to know more about using containerized software?
Learn how Illinois chose their path to leverage “the cloud” and their “cloud-first” strategy. The implementation team at the University of Illinois at Urbana-Champaign will share their path to deployment of access management software in the cloud. What started as a Grouper product evaluation led to adapting the InCommon Trusted Access Platform into a continuous integration and continuous development “DevOps” process using low- or no-cost open-source tools.
Hear about the successful deployment of Grouper and planned migration of the Shibboleth IdP infrastructure to Docker containers in AWS using the Elastic Container Service “Fargate.” This presentation revisits our popular presentation and demo at the 2018 Internet2 Global Summit as an update of sorts with our current state of affairs.
Presenters
Erik Coleman, University of Illinois at Urbana-Champaign
Keith Wessel, University of Illinois at Urbana-Champaign
July 9, 2019
InCommon moves its new metadata service into production on July 9 (as a release candidate for early adoption). This new service – called per-entity metadata or metadata query (MDQ) – will significantly reduce resource utilization on participants’ federation deployments by providing a new way to retrieve metadata.
Download the slides (PDF)
Recording not available
Wednesday, April 10, 2019
The Shibboleth Consortium is an international non-profit consortium that is responsible for the development, support, maintenance, and strategic direction of the Shibboleth software, which is prevalent in InCommon and federations worldwide.
In the two years since the Consortium was last presented at IAM Online, its membership has grown significantly, largely from US institutions joining. The growth in membership has placed the Consortium on a stronger financial footing, and enabled expansion in the development team.
As we move into the second quarter of 2019, this webinar will provide a short update on the status of the Consortium before moving to present the Shibboleth development roadmap for the next 12 months, seeking feedback from the community of users.
Presenters
March 20, 2019
Are you interested in exploring ways that federation and identity management can be easier for research projects, virtual organizations, and other collaborations? Join us to learn about two new services: CILogon’s subscription federated identity platform, and GÉANT’s eduTEAMS service for managing user membership and access rights.
CILogon’s new subscription service offers a hosted federated identity and collaboration management platform for research projects on campus. Developed under funding from the National Science Foundation and the Department of Energy, CILogon’s open source software-as-a-service platform builds on the Shibboleth and COmanage software.
Leveraging the ubiquitous presence of eduGAIN federated identities, eduTEAMS – a service provided by GÉANT – enables communities to securely access and share common resources and services. Implementing the AARC Blueprint Architecture, eduTEAMS provides a central point for communities to manage user membership and access rights, connect services and identity providers and centrally apply access policies.
Presenters
December 12, 2018
How are trust and identity initiatives shaping the adoption of OpenID Connect (OIDC) and OAuth 2.0 technologies within and for the research and education community? How can home organizations and research projects ensure these technologies deliver what we need for use cases involving multiple institutions? Llearn how InCommon, REFEDS, GÉANT, and others are coordinating efforts to influence the evolution of these technologies, including the creation of a R&E working group within the OpenID Foundation. Attendees will learn practical ways to navigate this landscape, with recommended actions to plan for in 2019.
Presenters
Moderator
September 12, 2018
Interested in the Internet2 IAM software suite (a.k.a. TIER)? Planning on deploying or upgrading Grouper? Join us for the next IAM Online, which will focus on the TIER access governance strategy described in the Grouper Deployment Guide, a comprehensive document developed collaboratively by and for the trust and identity community.
Bill Thompson will lead you through these topics and touch on the container-based architecture of the Internet2 TIER packaged software. In addition, Chris Hyzer will touch on the features and changes in the new Grouper release (v2.4).
Presenters
Moderator
August 8, 2018
Identity Matching is an essential part of any institution’s identity management processes. When a new student or employee enters the system, are they already known from a previous affiliation? What if an error is corrected later in their identity data? How does the system detect possible duplicate identities later? Doing identity matching well is really hard, but preventing duplicate identities or cases of mistaken identity can lead to some sticky situations.
In this IAM Online, you’ll hear from two speakers with ideas to help you improve your identity matching practices. Summer Scanlan will talk about some of the procedures used at the University of California, Berkeley for identity matching and her work to continue to improve them. Ben Oshrin from Spherical Cow Group will explain the technology behind identity matching and give a sneak peek at identity matching work coming out of Internet2’s TIER initiative.
Presenters
Moderator:
