Webinars

January 15, 2020

• Download the slides (PDF)
• View the recording (YouTube)

Our first IAM Online of 2020 will provide another method of passwordless authentication; this one developed by Duke University.

Duke has integrated its Shibboleth Identity Provider with WebAuthn to allow one-step, passwordless multi-factor authentication. In this session we’ll discuss the evolution of this pilot, including:

• Initial drivers
• Proof of concept
• Early release
• Iterations, the feedback they generated, and resulting changes

For each of these phases, we’ll discuss challenges, lessons learned, and policy decisions that helped us move forward. We’ll wrap up with recommendations about how to make passwordless authentication a reality at your institution, including some thoughts about technical and political challenges and strategies for moving through those issues.

December 4, 2019

• Download the slides
• View the recording

Earlier this year, InCommon participants reached 100% adherence to Baseline Expectations for Trust in Federation, a community-driven effort to raise the trust in the InCommon Federation by requiring certain practices and elements in metadata.

The InCommon Community Trust and Assurance Board (CTAB) has begun plans for the second round of Baseline Expectations. After surveying the community and extensive discussions, CTAB is ready to propose Baseline version 2. Join us to hear about the process and the potential requirements.

Presenters
David Bantz, University of Alaska

Albert Wu, InCommon Federation Service Manager

November 13, 2019

• Download the slides
• View the recording (YouTube)

Capping a multi-year effort to move away from passwords, Stanford University has deployed the final component: client certificates that strongly authenticate both the user and the device. This process is integrated with the university’s Shibboleth identity provider and also requires a two-factor login once every 90 days.

Michael Duff, chief information security officer at Stanford, will describe why the university took this approach and lessons learned during the journey. He will also discuss the underlying systems and key design decisions mode over the six-year project. Join us to hear this story of “safer and simpler computing,” which dramatically improves security and the user experience.

Presenters

Michael Duff, Stanford University
Tom Barton (moderator), University of Chicago and Internet2

October 9, 2019

Download the slides (PDF)
View the recording

What is all the fuss about Docker and containers, anyhow? What are the advantages of using containerized versions of Shibboleth and Grouper provided by the InCommon Trusted Access Platform? Why might you want to “Dockerize” other in-house applications and services? How can you get started?

Learn how the University of Maryland Baltimore County (UMBC) streamlined operations and reduced downtime by moving the Shibboleth Identity Provider from standalone VMs to Docker containers. We’ll discuss what motivated this, how UMBC introduced Docker to its existing environment, how they ultimately transitioned to a container-only deployment, and what’s ahead. Hear about UMBC’s initial roll-out of Grouper using the InCommon Trusted Access Platform and plans to migrate the campus ERP software (PeopleSoft) to containers.

Download the slides (PDF)
View the recording (YouTube)

September 11, 2019

Are you considering moving some or all of your identity management infrastructure to the cloud? Want to know more about using containerized software?

Learn how Illinois chose their path to leverage “the cloud” and their “cloud-first” strategy. The implementation team at the University of Illinois at Urbana-Champaign will share their path to deployment of access management software in the cloud. What started as a Grouper product evaluation led to adapting the InCommon Trusted Access Platform into a continuous integration and continuous development “DevOps” process using low- or no-cost open-source tools.

Hear about the successful deployment of Grouper and planned migration of the  Shibboleth IdP infrastructure to Docker containers in AWS using the Elastic Container Service “Fargate.” This presentation revisits our popular presentation and demo at the 2018 Internet2 Global Summit as an update of sorts with our current state of affairs.

Presenters

Erik Coleman, University of Illinois at Urbana-Champaign
Keith Wessel, University of Illinois at Urbana-Champaign

July 9, 2019

InCommon moves its new metadata service into production on July 9 (as a release candidate for early adoption). This new service – called per-entity metadata or metadata query (MDQ) – will significantly reduce resource utilization on participants’ federation deployments by providing a new way to retrieve metadata.

Download the slides (PDF)

View the recording

Wednesday, April 10, 2019

• View the recording (YouTube)
• Download the slides

The Shibboleth Consortium is an international non-profit consortium that is responsible for the development, support, maintenance, and strategic direction of the Shibboleth software, which is prevalent in InCommon and federations worldwide.

In the two years since the Consortium was last presented at IAM Online, its membership has grown significantly, largely from US institutions joining. The growth in membership has placed the Consortium on a stronger financial footing, and enabled expansion in the development team.

As we move into the second quarter of 2019, this webinar will provide a short update on the status of the Consortium before moving to present the Shibboleth development roadmap for the next 12 months, seeking feedback from the community of users.

Presenters

• Scott Cantor (Ohio State), Shibboleth Developer and Board Member
• Justin Knight (Jisc), Shibboleth Consortium Manager

March 20, 2019

• View the recording (YouTube)

Are you interested in exploring ways that federation and identity management can be easier for research projects, virtual organizations, and other collaborations? Join us to learn about two new services: CILogon’s subscription federated identity platform, and GÉANT’s eduTEAMS service for managing user membership and access rights.

CILogon’s new subscription service offers a hosted federated identity and collaboration management platform for research projects on campus. Developed under funding from the National Science Foundation and the Department of Energy, CILogon’s open source software-as-a-service platform builds on the Shibboleth and COmanage software.

Leveraging the ubiquitous presence of eduGAIN federated identities, eduTEAMS – a service provided by GÉANT – enables communities to securely access and share common resources and services. Implementing the AARC Blueprint Architecture, eduTEAMS provides a central point for communities to manage user membership and access rights, connect services and identity providers and centrally apply access policies.

Presenters

• Tom Barton, Moderator, University of Chicago and Internet2
• Jim Basney, Senior Research Scientist, National Center for Supercomputing Applications, University of Illinois at Urbana-Champaign
• Christos Kanellopoulos, Senior Trust and Identity Manager, GÉANT

December 12, 2018

• View the recording (YouTube)
• Download the slides

How are trust and identity initiatives shaping the adoption of OpenID Connect (OIDC) and OAuth 2.0 technologies within and for the research and education community? How can home organizations and research projects ensure these technologies deliver what we need for use cases involving multiple institutions? Llearn how InCommon, REFEDS, GÉANT, and others are coordinating efforts to influence the evolution of these technologies, including the creation of a R&E working group within the OpenID Foundation. Attendees will learn practical ways to navigate this landscape, with recommended actions to plan for in 2019.

Presenters

• Rachana Ananthakrishnan, Globus
• Roland Hedberg, Catalogix
• David Vaghetti, Consortium GARR
• Albert Wu, InCommon/Internet2

Moderator

• Nathan Dors, University of Washington

September 12, 2018

• View the recording (YouTube)
• Download the slides

Interested in the Internet2 IAM software suite (a.k.a. TIER)? Planning on deploying or upgrading Grouper? Join us for the next IAM Online, which will focus on the TIER access governance strategy described in the Grouper Deployment Guide, a comprehensive document developed collaboratively by and for the trust and identity community.

Bill Thompson will lead you through these topics and touch on the container-based architecture of the Internet2 TIER packaged software. In addition, Chris Hyzer will touch on the features and changes in the new Grouper release (v2.4).

Presenters

• Chris Hyzer, University of Pennsylvania
• Bill Thompson, Lafayette College

Moderator

• Michael Gettes, University of Florida

August 8, 2018

• View the recording (YouTube)
• Download the slides

Identity Matching is an essential part of any institution’s identity management processes. When a new student or employee enters the system, are they already known from a previous affiliation? What if an error is corrected later in their identity data? How does the system detect possible duplicate identities later? Doing identity matching well is really hard, but preventing duplicate identities or cases of mistaken identity can lead to some sticky situations.

In this IAM Online, you’ll hear from two speakers with ideas to help you improve your identity matching practices. Summer Scanlan will talk about some of the procedures used at the University of California, Berkeley for identity matching and her work to continue to improve them. Ben Oshrin from Spherical Cow Group will explain the technology behind identity matching and give a sneak peek at identity matching work coming out of Internet2’s TIER initiative.

Presenters

• Benn Oshrin, Spherical Cow Group
• Summer Scanlan, University of California, Berkeley

Moderator:

• Keith Wessel, University of Illinois at Urbana-Champaign