CAMP Notes – Lightning Talks
Monday, June 21, 2010
Federated Identity Case Studies – Lightning Talks
Doug Falk – National Student Clearinghouse
- The National Student Clearinghouse is an InCommon sponsored partner.
- The Clearinghouse is a non-profit that was formed in the mid-1990s to help
colleges/universities manage flow of data with loan providers.
- There are now 3,500 colleges and universities that are Clearinghouse members.
- The primary contact is the registrar; the services and products help the registrar’s
office manage data.
- The Clearinghouse does not maintain identities for students, relying on schools to
do the authentication.
- Student Self-Service is the first federated application from the Clearinghouse. The
application originally relied on a home-grown linking system, with schools needing to
write some code. Three universities are now using Shibboleth and federating, with
another school in testing. The Clearinghouse would like to get more schools actively
federating to take advantage of the governance and scalability. The use of
InCommon also greatly reduces the number of calls to the Clearinghouse for help
with the home-grown authentication system.
- Student Self-Service was launched so that students, once authenticated, can
access a number of services, such as printing an enrollment certificate.
Brian Marks – WebAssign
- WebAssign is an InCommon sponsored partner.
- The company operates an online homework system, primarily geared to the sciences
(physics, chemistry and math), and was spun off from North Carolina State Univ. in
2003.
- WebAssign first federated with Penn State and now has 10 schools using Shib and
InCommon.
- With federated access, WebAssign does not need to issue credentials and can rely
on the federating process for account provisioning and course enrollment
provisioning.
- With federated access, instructors no longer need to be heavily involved with course
management, like uploading course lists and keeping lists up-to-date, since the
attributes can provide such information to WebAssign.
- Several institutions also use federated WebAssign for math placement exams.
Anne Marie Alexander – Duke and federated iTunesU
- In 2004, Duke provided iPods to freshmen, which sparked interest in iTunesU.
- When the university started with iTunesU, the project office entered everything
manually.
- As part of its federating process, Duke started using Grouper, which receives course
information from PeopleSoft, including such information as the names of TAs and
faculty. That information is pushed from Grouper to the LDAP, and the eduCourse
attribute is used.
- There are as many as 58 courses using iTunesU.
Mike Conlon – University of Florida – VIVO (www.vivoweb.org)
- The University of Florida has federated 240 service providers with about 120 to go
(this number is high because of the decentralized nature at Florida). Most of the
research apps have been federated.
- VIVO is an open source semantic web application originally developed and
implemented at Cornell. When installed and populated with researcher interests,
activities, and accomplishments, it enables the discovery of research and
scholarship across disciplines at that institution. VIVO supports browsing and a
search function that provides for rapid retrieval of desired information.
- VIVO is an open-source discovery tool with information about grants, publications,
current work, and research interests. This is an application enabling a national
network for scientists.
- The software is available from SourceForge, with a Shibboleth version going in
production in the fall. At that point, VIVO will use Shibboleth and InCommon for the
distributed system, operating like a website and implemented through libraries.
There seems to be significant interest among research librarians.
- The ecosystem of apps supported by VIVO is unlimited. It is a simple open format to
gather data.
- There are federal agencies involved, including NSF, NIH and the VA.
Michelle Morrison – Medical University of South Carolina (MUSC)
- MUSC is interested in collaborations around education, research, and patient care.
- Three South Carolina universities are part of InCommon and MUSC would like to
expand to include associated hospitals.
- MUSC is now sharing library resources and doing authorization through Shib and
EZProxy. They also plan to use Grouper, but it is in test mode right now.
- In terms of research, there is a state-wide IRB (Institutional Review Board) and the
plan is to use Shib for authentication.
- The participating hospitals currently use proprietary software, but the goal is to
federate with community hospitals and referring physicians around the state.
- MUSC chose to use the InCommon Federation because the initiative originated with
the academic institutions.
Paul Caskey – University of Texas System
- Each campus in the University of Texas System has federated with InCommon. All
are also members of the UT federation. The UT System office engineered the
federation of all campuses with InCommon and the campuses actually consume UT
metadata. The system office takes care of data flows to and from InCommon. This
provides flexibility for Texas-specific metadata.
- There are 76 service providers within the UT federation; but the system office
encourages outside vendors to join InCommon and federate that way.
- The system is now rewriting its member operating practices (which is analogous to
the InCommon POP) to make it more compliant with the emerging federal
government specifications for its TFPAP (Trust Framework Provider Adoption
Process).
- Also working on levels of assurance and a related auditing process. The system
office did a self-survey with all campuses, asking them to answer structured
questions about LoA and identity management policies. This helped determine what
changes need to be made to reach higher levels of assurance.
- The University of Texas System views its federation and the InCommon Federation
as a core business process. They cannot do business without the federation and it
also serves as a gateway to the rest of the world.
Jim Greene (Michigan State University) – CIC Identity Management Effort
- The CIC is the Committee for Institutional Cooperation, comprised of the Big Ten
schools plus the University of Chicago.
- The CIC IdM task force is sponsored by the CIOs of the CIC institutions.
- The task force developed a list of 30-plus items, including shared issues, problems,
and things the members would like to see accomplished. The group picked the top
three to work on and then gathered volunteers: 1) TeraGrid and federated access to
the TeraGrid; 2) federated wireless; 3) InC Silver by all CIC institutions by 2011.
- TeraGrid – This is a distributed high-performance computing grid made available to
researchers. A large percentage of users are at CIC institutions. There are
level-of-assurance issues with authentication and identity vetting, as well as questions
about how to route problems and calls when people have problems logging in.
- Federated Guest Wireless – Europe has widespread deployment of Eduroam –
those from participating institutions log in with their home credentials. Eduroam is
operated through a series of Radius servers (not via Shibboleth). The task force will
explore whether the CIC can deploy and federate Eduroam, whether to recommend
that InCommon be involved, and determine whether there are options other
than Eduroam.
- InC Silver Certification by Fall 2011 – The prerequisite seems to be having policies
and practices in place and documented so your auditor can then provide verification.
George Laskaris – NJ Edge
- Through a grant, NJ Edge built a state-wide video repository, using federated
identity management, to serve K-12, higher ed, and public libraries.
- The three-year grant is for a collaboration among Rutgers, William Paterson
University and NJ Edge.
- There are three types of collections – 1) a commons repository built on Fedora,
offering non-licensed academic material; 2) licensed academic content (several
repositories) that interact statewide via Shibboleth; and 3) learning on demand (each
institution has the ability to use any lecture capture system and upload the material
to the repository).
- Repositories have the ability for metadata tagging to facilitate searching. This is
done by librarians for librarians.
- There is also a powerful annotation tool, allowing for the identification of segments
from different videos and linking them together to form an object.
- The federated identity management structure took a lot of collaboration among the
librarians.
- Libraries are saving money every year by using the repository in place of individual
vendor contracts. At the same time, vendors need assurance that the repositories
are protecting the video resources and not making them available to those who have
not paid for the license.
- Since colleges and universities already operate identity management systems,
federating was not a problem. The challenge is with K-12 (more than 500 school
districts) and public libraries. There is talk of doing something on the county level
with these groups.
- There is a YouTube-like interface so faculty can easily place their own videos in the
repository.
Ken Klingenstein – Eduroam, Attributes, and Other Issues
- Eduroam - This is well established in Europe. It is operated using a series of Radius
servers. The University of Washington is approaching this as an incentive to join the
alumni association, with alumni receiving wireless access nationwide and worldwide.
There is not much work to implementing Eduroam on a campus, since a Radius
server would already be in place.
- “It’s all about the attributes” is increasingly evident. Many companies, for example,
just care about “over legal age” as an attribute. In education, “student-ness” is of
great interest to companies.
- Return on Investment – The Office of Personnel Management in the federal
government released information on federated identity, including an indication that
the return on investment for federated identity is less than 14 months.
- Domesticating applications – This is becoming of greater interest and means
externalizing access control. When you have 200,000 IDs in your identity
management system, you want to use groups – and that’s how you domesticate
applications.
Celeste Copeland – Federating PeopleSoft at UNC-Chapel Hill
- Last year, the University of North Carolina-Chapel Hill moved its student data to
PeopleSoft. There was a desire to integrate with the Sun portal and other
applications.
- Services around campus were Shibbolized, so UNC-Chapel Hill decided to
accomplish these integrations, and make things look seamless to users, by
Shibbolizing PeopleSoft.
- This has been a successful project, although it took some work to get attributes
working with PeopleSoft security. There was also work in ensuring that everyone
who needed access, including student applicants, had the appropriate level of
access.