www.incommon.org

InCommon Grows Up

Kevin M. Morooney
Vice Provost for Information Technology
Penn State
2010 Chair, InCommon

Jack Suess
Vice Provost for Information Technology
UMBC
2010 Vice Chair, InCommon

How we’ll use the time
• InCommon...
  – ...101 & Background
  – ...Community
  – ...On campus
  – ...Beyond campus
  – ...The Futures Report - Our blueprint
  – ...Hot topics

Who is here?

The InCommon Basic Value Propositions (v1.0)
• For the campus: InCommon enables campuses to leverage their identity management systems to allow the use of one set of credentials to access multiple resources.
• For the provider: Online service providers no longer need to maintain user accounts. Identity providers manage the levels of their users' privacy and information exchange.
• For everyone: InCommon uses SAML-based authentication and authorization systems (such as Shibboleth®) to enable scalable, trusted collaborations among its community of participants.

...another way to say it....

InCommon Federation Value Proposition (v1.1)
Provides the trust framework for access to online resources
• Single sign-on with higher education credentials
• Enhanced security with fewer data spills
• Privacy – release of only those attributes necessary
• Access – Service provider makes decision based on attributes
• Scalable – Once implemented, federated access relatively simple to extend

...another way to say it....
Before Federation
After Federation

InCommon Community

InCommon Participants Year-by-Year

Growth of InCommon

Principle: 50M Elvis fans can’t be wrong

Arizona State University; Hampden-Sydney College; Texas A & M University; University of Northern Colorado; Augsburg College; Humboldt State University; University at Buffalo, SUNY; University of Northwestern Ohio; Baylor University; Indiana University; University of Alabama at Birmingham; University of Oregon; Brown University; Iowa State University; University of Alaska Statewide System; University of Pennsylvania; California Institute of Technology; James Madison University; University of Arizona; University of Pittsburgh; California Maritime Academy; Johns Hopkins; University of Arkansas for Medical Sciences; University of Richmond; California Polytechnic State University, San Luis Obispo; California State Polytechnic University, Pomona; Lafayette College; University of California, Berkeley; University of Rochester; Liberty University; University of California, Davis; University of South Carolina; California State University, Bakersfield; Louisiana State University; University of California, Irvine; University of South Dakota; California State University, Channel Islands; Loyola University Chicago; University of California, Los Angeles; Massachusetts Institute of Technology; University of California, Merced; University of Southern California; Medical University of South Carolina; University of California, Office of the President; University of Texas at Arlington; Miami University; University of California, Riverside; University of Texas at Austin; Michigan State University; University of California, San Diego; University of Texas At Brownsville; Michigan Technological University; University of California, San Francisco; University of Texas at Dallas; New York University; University of California, Santa Cruz; University of Texas at El Paso; North Carolina State University; University of Chicago; University of Texas at San Antonio; Northern Arizona University; University of Cincinnati; University of Texas At Tyler; Northern Michigan University; University of Colorado at Boulder; Northwestern University; University of Dayton; University of Texas Health Science Center At Houston; University of Texas Health Science Center At San Antonio; Ohio State University; University of Delaware; Ohio University; University of Denver; University of Texas M. D. Anderson Cancer Center; University of Texas Medical Branch at Galveston; Oklahoma State University; University of Findlay; University of Texas of the Permian Basin; Old Dominion University; University of Florida; Oregon Health & Science University; University of Houston-Downtown; University of Texas Southwestern Medical Center at Dallas; University of Texas System; Penn State; University of Illinois at Chicago; University of Texas-Pan American; Princeton University; University of Illinois at Urbana-Champaign; University of Utah; Purdue University; University of Iowa; University of Vermont; Coconino Community College; University of South Florida; Ramapo College of New Jersey; University of Mary Washington; University of Virginia; College of William and Mary; Rutgers, The State University of New Jersey; University of Maryland; University of Washington; Colorado State University; San Diego State University; University of Maryland Baltimore County; University of Wisconsin - Madison; Columbia University; San Francisco State University; University of Maryland, Baltimore; University of Wisconsin - Whitewater; Cornell University; San Jose State University; University of Massachusetts Amherst; Vanderbilt University; Dartmouth; Seattle Central Community College; University of Michigan; Virginia Commonwealth University; Duke University; Sonoma State University; University of Minnesota; Virginia Polytechnic Institute and State University; Emory University; Stanford University; University of Missouri System; Virginia State University; Fairfield University; Stark State College of Technology; University of Nebraska - Lincoln; Wake Tech Community College; Florida State University; Stevens Institute of Technology; University of Nevada, Reno; Washington University in St. Louis; George Mason University; Stony Brook University; University of North Carolina at Chapel Hill; Whitman College; Georgetown University; Sweet Briar College; University of North Carolina at Greensboro; California State University, Chico; California State University, Dominguez Hills; California State University, East Bay; California State University, Fresno; California State University, Fullerton; California State University, Long Beach; California State University, Monterey Bay; California State University, Northridge; California State University, Office of the Chancellor; California State University, Sacramento; California State University, San Bernardino; California State University, San Marcos; California State University, Stanislaus; Carleton College; Carnegie Mellon University; Case Western Reserve University; Central Piedmont Community College; Clemson University

Absolute Software, Inc.; Apple - iTunes U; Atlas Systems, Inc.; BioOne, Inc.; Blatant Media Corporation; Burton Group; Cengage Learning, Inc.; Colorado Alliance of Research Libraries; Davie County Schools; Digital Measures; e-academy, Inc.; e2Campus by Omnilert, LLC; Ebook Library - EBL; EBSCO Publishing; EDUCAUSE; Elsevier; EnergyCAP, Inc.; Houston Academy of Medicine - Texas Medical Center Library; Identit-e; Internet2; JSTOR; Kuali Foundation; Learn.com; Leepfrog Technologies, Inc.; lynda.com; MCNC; Microsoft; National Student Clearinghouse; NC Live; NG Web Solutions; North Carolina Department of Public Instruction; OCLC; OhioLink - The Ohio Library & Information Network; Outside The Classroom; PeopleAdmin, Inc.; ProQuest LLC; ProtectNetwork; Qualtrics; RefWorks, LLC; Rockingham County Schools; Safari Books Online; Students Only Inc.; SumTotal Systems Inc.; Symplicity Corporation; The H.W. Wilson Company; Thomson Reuters; Travel Solutions, Inc.; Trondent Development Corp.; Turnitin; University of Texas Health Science Center At Tyler; UniversityTickets; WebAssign

Argonne National Laboratory; Energy Sciences Network (ESNet); Lawrence Berkeley National Laboratory; Moss Landing Marine Laboratories; National Institutes of Health; National Science Foundation; TeraGrid

InCommon Leadership-Steering Committee
• Steve Cawley, University of Minnesota – Treasurer
• Joel Cooper, Carleton College – Secretary
• Mark Crase, California State University
• Chris Holmes, Baylor University
• Ken Klingenstein, Internet2 (ex officio)
• Tracy Mitrano, Cornell University
• Kevin Morooney, Penn State – Chair
• John O'Keefe, Lafayette College
• Stephanie Reel, Johns Hopkins University
• Jack Suess, University of Maryland, Baltimore County – Vice-Chair
• Chris Shillum, Elsevier
• Shel Waggener, UC Berkeley
Advisers:
• Renee Frost, Internet2, University of Michigan
• Rodney Petersen, EDUCAUSE (ex officio)
• David Wasley, retired, UCOP

InCommon Leadership-Technical Advisory Committee
• RL "Bob" Morgan, University of Washington – Co-Chair
• Renee Shuey, Penn State – Co-Chair
• Tom Barton, University of Chicago
• Jim Basney, Teragrid
• Scott Cantor, The Ohio State University
• Steven Carmody, Brown University
• Paul Caskey, University of Texas System
• Michael Gettes, Massachusetts Institute of Technology
• Keith Hazelton, University of Wisconsin - Madison
• Ken Klingenstein, InCommon Steering Committee
• Mike LaHaye, Internet2
• David Walker, University of California Davis
• David Wasley, retired, UCOP

InCommon is Community Driven
• evangelize new vendors
• analyze service opportunities
• develop technical strategies
• do interoperability testing, etc.
InCommon learning opportunities

InCommon On Campus

InCommon: Federating as Horizontal and Vertical Integration

Horizontal Integration
Multiple services all over campus

InCommon Beyond Campus

Vertical Integration
Multiple services in one area (library) etc., etc.

R&E Federations
• Substantial deployments in many countries, including UK, Norway, Switzerland, Sweden, Japan, Australia, France, Denmark, Finland, Spain, Germany, Netherlands, etc. Coverage in a number of countries is now 100%.
• Uses include roaming access, grid credentials, digital content access, wiki controls

kjk@internet2.edu

The InCommon Futures Task Force Report
Our blueprint for the future

The Task Force
Amy Philipson, Pacific NW Gigapop, (Internet2 AMSAC)
Chris Shillum, Elsevier, (InCommon Steering)
Clair Goldsmith, UT System, (InCommon Steering)
Cliff Lynch, CNI, (Internet2 RAC)
Doug Van Houweling, Internet2 CEO
Jack Suess, UMBC, (InCommon Steering, Internet2 AMSAC)
John Krienke, Internet2, InCommon
Ken Klingenstein, Internet2, U Colorado, (InCommon Steering)
Kevin Morooney, Penn State, (InCommon Steering)
Lois Brooks, Stanford, (InCommon Steering)
Richard Katz, EDUCAUSE
Rosio Alvarez, Lawrence Berkeley Labs, (Internet2 RAC)
Ray Ford, U Montana, (Internet2 AMSAC)
RL 'Bob' Morgan, U Washington, (MACE, InCommon TAC - Technical Advisory Committee)
Rick Summerhill, Internet2 CTO
Sally Jackson, U Illinois, (Internet2 AMSAC)

What they were asked to do
• Task Force launched and charged, January 2009
• Final report submitted to Internet2 board, July 2009
• http://bit.ly/InCommonFuturesReport

The Recommendations
• Structure
• Governance
• Membership
• Specifics

Structure
• Trust services platform
  – Increase offerings
  – Become financially self-sufficient
• A foundation
  – endeavor to become a place or coordinating point for R&D, development of I2MI and like efforts

Governance
• Set a path towards financial independence
• Establish a Board of Directors to whom the Executive Director of InCommon reports

Membership
• Continue to focus on U.S. higher education
• Actively pursue technical and political relationships with U.S. federal government (notably NSF, NIH, DoE), state-based federations and consortia, companies and organizations that provide services to education

Specific Recommendations
• Q2 2010, mission and funding plan
• Secure Internet2’s continued support for 3 years
• Internet2 to fund additional positions
• Internet2 continues to provide admin services
• Internet2 commitment to drive InCommon membership to 75% of Internet2 membership
• InCommon to continue to analyze and plan for new trust services
• InCommon, with additional support, to develop training and promotional programs
• InCommon, with additional support, to develop formal outreach programs
• Bronze and Silver profiles to be released at spring I2MM
• Develop new, tiered pricing plan by 2011

InCommon Hot Topics

Shaping activities, new directions
• Level of Assurance: Bronze, Silver, Gold
• Personal privacy management: uApprove, SWITCHaai
• Interfederation
• It’s all about the attributes
• Internet of Things
• Trust, Identity, and the Internet
• Certificate Service

InCommon LOA (Level of Assurance)
• InCommon – today’s federation
• Bronze (LOA 1) – A campus researcher uses their campus account to access an NIH clinical trial wiki
• Silver (LOA 2) – A sponsored research accountant uses their secure campus account to modify documents on NSF Fastlane
• Gold (LOA 3) – A campus security officer could use their local two factor authentication to participate in a Teragrid security incident

Interfederation
• Connecting autonomous federations
• Critical for global scaling, accommodating state and local federations, integration across sectors
• Has technical, financial and policy dimensions
• Elegant technical solution being developed in the eduGAIN project of Geant
• Policy activities in Kalmar2 Union, Geant, Kantara, Terena

The Attribute Ecosystem
• Authentication is very important, but identity is just one of many attributes
• And attributes provide scalable access control, privacy, customization, linked identities, federated roles and more
• We now have our first transport mechanisms to move attributes around – SAML and federations
• There will be many sources of attributes, many consumers of attributes, query languages and other transport mechanisms

Federated Identity, Attributes and Access Control
• For the last ten years we’ve been promoting federated identity
• But the real agenda was to manage access control…
• And the scalable, privacy-preserving way to do access control is attributes
• And group membership is a necessary and sufficient attribute for access control

The Internet of things
• We have built the Internet of computers and now the Internet of people and identity; next is things.
• Federation is a powerful model – it provides a degree of local freedom but a scalable infrastructure; with interfederation it can reach Internet scale.
• Devices need to have identity, attributes, access control privileges, etc., that tend to federate and also need to interact with identity federation.
• Next generation Internet work has many types of federations of circuits, of firewalls, of routers, etc.

Trust, Identity and the Internet
• The Internet was built for friendly behavior; that is not the current situation
• ISOC initiative to introduce trust and identity-leveraged capabilities to many RFCs and protocols
• http://www.isoc.org/isoc/mission/initiative/trust.shtml
• First target area is DKIM; subsequent targets include SIP and firewall traversal (trust-mediated transparency)
• FCC - Broadband Strategy
• FTC - National Strategy for Secure Online Transactions

InCommon Certificate Service

Q&A