The InCommon Federation The U.S. Access and Identity Management Federation www.incommon.org.

The InCommon Federation
InCommon is the national research and education federation in the United States.
InCommon membership includes higher education, federal research labs, government agencies and online service providers.
InCommon establishes the trust relationship among organizations through common policies and procedures.

InCommon Facts
Fact: InCommon has more than 3 million higher education users.
Fact: InCommon membership has doubled yearly for several years.
Fact: InCommon higher education members include institutions of all sizes, including community colleges, research universities, and small liberal arts colleges.
Fact: InCommon technology is based on standards being adopted globally.

The InCommon Federation
Today InCommon includes:
–116 higher education participants
–Six government and nonprofit laboratories, research centers, and agencies (including NIH and NSF)
–41 sponsored partners
–Two county K-12 school districts (as part of a pilot)

Federated Access in 30 seconds
Home Institution – user signs in
Online Resource
1. Authentication: single-sign-on at home institution
2. Federation-based trust exchange to verify partners and locations
3. Authorization: Privacy-preserving exchange of agreed upon attributes
4. If attributes are acceptable to resource policy, access is granted!
Attributes: Anonymous ID, Staff, Student, …
Metadata, certificates, common attributes & meaning, federation registration authority, Shibboleth
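An added example, not part of the original slides and not Shibboleth or InCommon code: a simplified Python model of the four steps on the "Federated Access in 30 seconds" slide, with the anonymous ID derived as a keyed hash per service provider (an assumption; the slides do not say how it is generated). All entity IDs, the certificate bytes, the release policy and the function names are constructed for illustration, and the fingerprint comparison stands in for the SAML signature validation a real deployment performs.

```python
import hashlib
import hmac

# Constructed federation metadata: entityID -> SHA-256 fingerprint of the
# signing certificate registered for that participant.
IDP = "https://idp.university.example/idp"
IDP_CERT = b"constructed-idp-signing-certificate"
FEDERATION_METADATA = {IDP: hashlib.sha256(IDP_CERT).hexdigest()}
# Constructed release policy: attributes agreed upon per service provider.
RELEASE_POLICY = {
    "https://library.example/sp": {"anonymous_id", "affiliation"},
    "https://grants.example/sp": {"anonymous_id"},
}
IDP_SECRET = b"constructed-idp-secret"  # stays at the home institution


def anonymous_id(uid, sp_entity_id):
    """Opaque identifier: stable for one SP, unlinkable across SPs."""
    msg = f"{uid}!{sp_entity_id}".encode()
    return hmac.new(IDP_SECRET, msg, hashlib.sha256).hexdigest()[:16]


def idp_assert(user, sp_entity_id):
    """Steps 1 and 3: after local sign-on, release only agreed attributes."""
    candidate = {
        "anonymous_id": anonymous_id(user["uid"], sp_entity_id),
        "affiliation": user["affiliation"],
        "email": user["email"],
    }
    allowed = RELEASE_POLICY.get(sp_entity_id, set())
    released = {k: v for k, v in candidate.items() if k in allowed}
    return {"issuer": IDP, "cert": IDP_CERT, "attributes": released}


def sp_authorize(assertion, accepted_affiliations):
    """Steps 2 and 4: check the issuer against metadata, then apply policy."""
    expected = FEDERATION_METADATA.get(assertion["issuer"])
    if expected is None:
        return False, "issuer not in federation metadata"
    # Stand-in for SAML signature validation against the metadata certificate.
    actual = hashlib.sha256(assertion["cert"]).hexdigest()
    if not hmac.compare_digest(expected, actual):
        return False, "certificate does not match metadata"
    if assertion["attributes"].get("affiliation") not in accepted_affiliations:
        return False, "attributes not acceptable to resource policy"
    return True, "access granted"
```

The e-mail address never reaches either service provider, and the two providers receive different anonymous IDs for the same person, so they cannot correlate the user between them.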

Value of InCommon
Governance by a representative Steering Committee
–Formulates policy, operational standards and practices, establishes a common set of attributes and definitions.
Legal Agreement
–Basic responsibilities, official signatory and establishment of trust, conflict and dispute resolution, basic protections
Trust “Notary”
–InCommon verifies the identity of organizations and their delegated officers
Trusted Metadata
–InCommon verifies and aggregates security information for each participant’s servers, systems, and support contacts
Technical Interoperability (Technical Advisory Committee)
–InCommon defines shared attributes, standards (SAML), software (Shibboleth)

Value of InCommon
InCommon uses SAML-based authentication and authorization systems (such as Shibboleth®) to enable scalable, trusted collaborations among its community of participants.
InCommon supports both SAML 1.x and SAML 2.0.
Several products interoperate with Shibboleth, including those offered by IBM (Tivoli), Oracle, Sun, and CA (Siteminder).

InCommon Benefits
Participants exchange information in a standardized format.
Once an organization is a participating member, setting up a new relationship can take as little as a few minutes.
Community-based collaboration and support.
Use of common authentication and authorization software provides single sign-on convenience.

Who can join InCommon?
Accredited two- and four-year higher education institutions.
Partner organizations sponsored by higher education participants.

Joining InCommon
Business, education, research, and government organizations who partner with higher education join the Federation as Sponsored Partners.
Participation agreement – agreeing to the policies of the federation and the community.
Develop your participant operation practices (POP), which helps other federation members determine level of trust, privacy policies, attribute collection/use policies.
Metadata: “Data about data” – a lynchpin of federating.

What does it cost to join InCommon?
One-time fee of $700.
Annual fee of $1,000 (for up to 20 service provider systems).
Note: this is the cost for InCommon membership. Depending on your integration and infrastructure, you may incur additional costs for implementation of software and systems.

InCommon and the Federal Government
Signed agreements with National Institutes of Health, National Science Foundation
Interest expressed by, or in discussion with, several agencies, including:
  NASA
  Department of Agriculture
  Department of Energy
  caBIG (National Cancer Institute)
  caGrid (National Cancer Institute)

InCommon and the NIH
–Working on LoA 1 applications with NIH Clinical and Translational Science Awards
–National Libraries of Medicine Genome data Testing with University of Washington
–Piloting LoA 2 application with NIH eRA (electronic Research Administration)
  Involves NIH, InCommon, University of Washington, Penn State University, Johns Hopkins University, University of California Davis
  Technical demo September 22, 2009 (Federal Demonstration Partnership meeting)
  Rollout during 2010

InCommon and the NSF
–Piloting LoA 1 application (research.gov) at the National Science Foundation
  Involves InCommon, Penn State and the University of Washington
  Testing sandbox is up and running
  Technical demo September 22, 2009 (Federal Demonstration Partnership meeting)
–More applications under consideration, once this pilot is completed

InCommon and the Federal Government
–Worked closely with GSA to provide feedback on the new federal trust framework.
  GSA
  Federal CIO Council (FCIOC)
  Information Security and Identity Management Committee (ISIMC)
  Program oversight by Identity, Credential and Access Management Subcommittee (ICAMSC)
–Federal trust framework based on OMB’s M (risk management) and NIST (electronic authentication guidelines).
–InCommon helped inform the latest revision of NIST levels of assurance (LoA).

InCommon Silver
–InCommon Silver profile comparable to NIST LoA2
–Silver pilot now underway at NIH
  Technical demonstration at FDP meeting Sept. 22
  Full roll-out (with auditing, policy, and standards in place) in fall
–InCommon assurance profiles based on OMB M and NIST
–InCommon will soon submit its Bronze and Silver assurance profiles to the Identity, Credential and Access Management Subcommittee.
–Once approved by ICAMSC, Bronze and Silver will be approved for use with all federal agencies at LoA1 and LoA2, respectively.

InCommon Testing and Development
–InCommon is community governed and community driven
–Testing and Development done through pilots
  Involve the service provider and identity providers
  Staff and community recruit higher education institutions to serve in pilots
  NIH and NSF pilots good examples
  Current pilot example: several university libraries working with library database providers on Shibboleth/EZProxy hybrid

InCommon Transition
InCommon works with partners such as NIH to manage transition.
Apps can use both federation and traditional sign-on.
Users from non-federated institutions can use generic identity providers such as ProtectNetwork or federal contractors.

Benefits to the Department of Education
–Through InCommon, each educational institution can manage authentication for its faculty, students and staff.
–With higher education institutions authenticating their users, the need for password resets will be eliminated (one estimate – a single password reset request costs $50).
–Adding higher education partners can take just minutes.
–Low up-front and annual costs.
–Community support.

Benefits to the Department of Education
–Federating additional applications becomes easier and less time-consuming.
–Shibboleth, and thus InCommon, can interoperate with the department’s existing Tivoli deployment.
–InCommon has had significant interaction with the GSA and other agencies developing the federal government’s new trust framework.
