Identity Future

Marc Canter leapt to OpenID’s defense against Michal Migurski’s criticism.

…there are those who think we DON’T need anything more than simple single sign-on. In fact I had lunch with the CEO of SixApart (Barak Berkowitz) who said Brad Fitzpatrick is fairly skeptical of anything beyond his original simple scenario.

But, says Canter, “we need the attribute exchange to make this thing really take off.”

Then all the skeptics will realize that the authentication layer HAD to come first - but was just a first step. Along the way we’ll figure out standards for user intrerface and usage flow.

But for now - the critics are right - OpenID as it stands right now is just authentication and that ain’t gonna rock nobodies world - except for Bard Fitzpatrick’s world - I guess.

attribute exchange, authentication, evolution, marc canter, openid, single sign-on, sso

InCommon, an identity management federation serving US higher education, announced that it is substantially expanding its community to include an additional ten universities, four service providers, and a private identity provider.

“The research and education community, which today depends upon online resources through its partnerships with content and service providers, has been at the forefront of deploying the federated identity management approach,” said Tracy Mitrano, director of Information Technology Policy, Cornell University and chair of the InCommon Steering Committee.

InCommon provides the framework for the partners and sponsors to share protected online information and resources. The resource sharing needs to be done in a highly secure manner while keeping the privacy of those who access this material just as safe. InCommon which uses Shibboleth Technology helps to ease the troubles of the partners by providing single sign-on capabilities to access multiple resources.

“To meet the increasing campus demand for using external applications and online resources, we developed and implemented solutions that efficiently use our existing information infrastructures securely and safely in such a way that we maintain control over the release of personal information for people at Penn State,” said Kevin Morooney, vice provost of Penn State University. “InCommon is a vitally important part of this infrastructure and helps put us in a position to provide a richer, easier to use, safer online experience for Penn State students, faculty, and staff.”

higher education, incommon, indentity management, universities

Educause is hosting CAMP Shibboleth: Enabling Campus and Federated Single Sign-On on June 26–28, 2006 in at the Wyndham Burlington, in Burlington, Vermont.

Unsure about what the Shibboleth System is about and how it can be used in production on your campus? Looking for a Web single sign-on package that can be used both for local applications and in federated environments?

Internet2’s Shibboleth is being deployed nationally and internationally to solve real-world problems associated with intra- and interinstitutional authentication and authorization. For Web-based access control, it leverages campus identity and access management infrastructures to authenticate individuals and then sends information about them to the resource site, enabling the resource provider to make an informed authorization decision.

Many consider the Shibboleth System to be federating software, which it is; however, more and more campuses are asking what value they get, if any, from deploying separate intra- and intercampus single sign-on systems. Increasingly, these campuses are deploying Shibboleth for both purposes. It’s a tool that enables Web authentication and provides authorization information for applications and services, independent of who’s offering them.

This CAMP will offer concrete practice and real-world experience from institutions running Shibboleth in production for controlling access to both on and off-campus services. Featured in this workshop will be an Application Showcase where campuses and vendors will demonstrate the Shibboleth System in action.

Both IT management and technical staff will find sessions of interest on the program and guidance for running Shibboleth in production. Participants will:

CAMP Shibboleth: Enabling Campus and Federated Single Sign-On, June 26-28 in Burlington, Vermont, will give you the opportunity to:

• Learn strategies for managing identity and privilege information used by the Shibboleth System
• Understand the management issues involved in running a Shibboleth-enabled learning management system
• Discover Shibboleth’s value as a campus Web sign-on package
• Learn about SAML 2.0, the mechanism that carries the identity information
• Find out the questions you should ask your information/library vendors about SAML and Shibboleth System support
• Hear practical advice for running the Shibboleth System on server clusters

Participants are encouraged to have a sound knowledge of IdM to learn the most from the sessions. Those interested in knowing more about IdM can review the Enterprise Directory and Authentication Implementation roadmaps.

camp, educause, identity, identity management, idm, middleware, nmi-edit, saml, shibboleth, single-sign on, sso