Catalyst to Catalyst (Winter 2024): Ideas and Insights from InCommon Catalysts 

Question: What is the greatest challenge you’ve seen research and education institutions address this year?

Response: Ransomware is getting smarter and harder to block. We have to really be on our game to stay ahead of the bad actors. Vetting both creation of accounts and service of accounts needs to be handled with much more care. Social engineering can undo almost all the technical safeguards you put in place. MFA is now a requirement and no longer a nice to have. Account deprovisioning is as important as provisioning. A contractor account from five years ago can be a huge hole if it’s still sitting there untouched.

– Andrew Tillinghast, IAM Engineer, Unicon; info@unicon.net

Response: Back in 2019, many higher education institutions had begun strategizing on streamlining identity governance and administration, increasing the resilience and security of network infrastructure and access management, as well as identifying systems that would greatly benefit from an overhaul and modernization to meet the anticipated future demands of the R&E community.

Cue 2020. Resources got redirected, and priorities were changed. Initiatives got mothballed and/or forgotten. And then by this year, 2024, some critical staff have moved on to new jobs or retired, which was the straw that broke the camel’s back.

It is worth noting that turnover in higher education is down (14%) from its pandemic peak (16%); however it’s still higher than it was pre-pandemic (12%). Turnover has affected all levels within the org chart, from individual contributors up to leadership, and all of it is disruptive to making progress on the large modernization initiatives that are essential for sustaining IT services.

High churn rates disrupt leaders’ ability to conduct long-term strategic planning and slow progress on critical projects. With new leaders come new priorities, and when the figurehead championing your system modernization is lost, teams lose inertia and resources. Especially when the departing employee is a visionary leader or essential team member, those who remain resort to roles more focused on maintaining the current state of things and reacting to outages and less focused on big-picture thinking. Progress stalls on strategic priorities, and burnout increases. This is not sustainable.

Leaders are correcting this side-slip by systematically identifying and prioritizing solution updates once again, starting with those likely to have cascading effects. This has required creative thinking like revising governance, adapting funding models, exploring newer technology solutions, and joining strategic partnerships or consortiums. At Vantage, we’ve lent our expertise to assisting with higher education strategic realignment for stalled IT efforts.

– Jacqueline Pitter, CISSP, Senior Strategic Consultant, Vantage Technology Consulting Group; jacquelinepitter@vantagetcg.com

Question: As we celebrate InCommon’s 20th Birthday, why is it important or meaningful to have a vibrant IAM community in research and education?

Response: Having spent 20 years in the IAM field, with 10 years in higher education and 10 years consulting in the same space, it feels fitting to reflect on InCommon’s 20th birthday. This milestone gives me a moment to reminisce about my time working in higher education on IAM-related activities.

I recall the days when purchasing and managing SSL certificates felt like a dreaded task, akin to buying a gift for an aunt or uncle without knowing where to start. InCommon revolutionized this experience, making SSL certificate issuance a breeze, a benefit that continues today.

Shibboleth was another game-changer for the higher education community. In 2005, a professor from the computer science department asked if I would mentor a group of graduate students on setting up a Shibboleth IdP/SP environment. At the time, we were an Oracle SSO school, and it was eye-opening to see Shibboleth’s power and flexibility, which remain impressive today. The adoption of single sign-on, particularly Shibboleth, significantly improved user experience in the early 2000s, a change any help desk would appreciate. I must also mention my colleague Mark Earnest, who has the distinction of running the first Shibboleth IdP in production during his tenure at Penn State University, planting his roots in the InCommon community.

Grouper is another noteworthy tool. I recall strategizing with executive leadership on how to leverage Grouper. Despite debates over naming conventions, it was clear the technology addressed significant needs in higher education and access management. Today, it’s rare to consult with a school that isn’t using Grouper. The product has evolved into a tool for which there really is no commercial vendor equivalent.

Instrumental Identity has collaborated with over 15 colleges and universities over the past two decades, including 10 R1 universities. Each engagement often begins with claims of uniqueness or exceptions, but we always find that their use-cases and scenarios are similar to those of other schools. As IAM consultants and InCommon Catalyst partners, we take great joy in fostering community experiences, connecting schools to share ideas and solutions around IT and IAM. This community engagement is what paves the roadmap for InCommon to support higher education and research.

– Paul Hodgdon, CEO, Instrumental Identity; paul@instrumentalid.com (Past Life: IAM Manager at the University of New Hampshire)

Response: In 2003, Blackboard announced their compatibility with Shibboleth. At the time, I was leading the LMS effort at the university where I was working so that became my first exposure to Internet2. A year or two later, I transitioned from LMS to building the IAM practice, broadening my perspective significantly. We finally joined InCommon in August 2008 (after paperwork sat on desks for months) with student access to DreamSpark as our first real driver. Reflecting on what we were doing 20 years ago—we were beginning to adopt a more enterprise approach to campus services, but it was a much smaller and slower-paced world. Over the past two decades, two constants have stood out to me: “change” and “community.” 

Education has steadily become more digital and more expensive. Student bodies have become more female and diverse overall. Curricula have shifted to meet changing workplace demands as the economy has expanded its demand for knowledge workers. Simultaneously, technology has evolved immensely. Everything is more interconnected, more sophisticated, and more threatened. The response to the global health crisis in 2020 underscored a growing trend: Work and technology don’t fit into their previously-defined buckets, necessitating a reconsideration of traditional borders and security. 

The stabilizing balance to the changes in both IT and education has been community. Research and education have collaboration in their DNA, and InCommon has effectively fostered connection and best practices that span institution types and technologies. As resources become more precious, the need to learn from one another and avoid reinventing the wheel becomes paramount. I have always been able to reach out to peers at other institutions with questions, ideas, or pleas for help, and I’ve never been disappointed. 

IAM forms the nexus where business needs, technology, and security meet—often raising difficult questions that no single discipline or institution can answer alone. As we consider the implications of AI, respond to ever-increasing financial and regulatory pressures, focus on student success and retention, and face whatever lies beyond, we need to lean on each other more than ever. InCommon has established and grown a vibrant IAM community, representing an invaluable resource for research and education as we prepare for the next 20 years. I’m grateful to be a part of it and look forward to continuing to support it.

– Paul Erickson, Senior Consultant, IAM Architecture & Strategy, Moran Technology Consulting; paul.erickson@morantechnology.com

Response: Happy 20th birthday, InCommon! In the spirit of this milestone, it’s a great time to reflect on why a thriving identity and access management (IAM) community is so essential in research and education.

At its core, this community makes it easier for students, faculty, and researchers to connect with the resources they need—anytime, anywhere. My mind immediately thinks of researchers trying to access a dataset at another university halfway around the world. Without a solid IAM framework, logging in, verifying identity, and securing permissions could be impossible, delaying important discoveries. Thanks to the IAM community’s work, these hurdles become less intrusive to their work.

Certainly, initiatives like InCommon’s federated identity solutions allow individuals to use one set of credentials to tap into tools, datasets, and services across countless institutions. That’s incredible. But the real power of a vibrant IAM community is about people who work together. IAM professionals collaborate with researchers, administrators, and IT staff to understand specific needs and tailor solutions that fit. Compliance with data policies becomes simpler, too, because everyone is adhering to the same well-understood standards.

What truly makes this particular community special is its commitment to continuous improvement. Through InCommon’s programs, community members share best practices and support each other in raising the bar for trust and security. They focus not just on locking things down, but on making access easy, intuitive, and fair. What I’ve noticed is that as technology evolves, the IAM community steps up to make sure that future digital transformations meet the needs of everyone involved.

Looking ahead, the role of IAM will only grow in importance. The world is getting more connected, and we need reliable, user-friendly systems that bring people closer to knowledge and opportunity. This IAM community, nurtured by InCommon and its partners, is leading the way—linking people, resources, and ideas in a global effort to advance research and education. That’s absolutely worth celebrating!

– Netta Caligari, Community Lead, West Arete; netta@westarete.com

Response: IAM is not an easy thing to do well, especially not in research and education where most complicated scenarios from standards are a best practice, lifecycles can quickly turn into a nightmare, and every possible exception exists indeed. However, these challenges are outweighed by enabling students, researchers, and other academics to do their jobs and advance human knowledge. 

Fortunately, InCommon is doing a phenomenal job of getting the right people together and supporting them in building such a wonderful community. I recently attended the Internet2 Technology Exchange where one can truly experience the community at its full potential. It’s great to be part of such amazing conversations, share ideas, and help each other achieve the best outcomes. That holds true for all interactions with the community, even though most of them are online and therefore are not as intensive as a face-to-face conference experience. Overall, the collaborative spirit of the community makes it possible to solve the hard academic IAM challenges that anyone would struggle to solve alone – if it’s even possible.

As we are celebrating InCommon’s 20th Birthday, I hope there will be many more birthdays to celebrate with the IAM community getting even stronger, and I will always be part of it.

– Slavek Licehammer, Head of Engineering, Evolveum; academia@evolveum.com