
Introduction to Federated Identity Management


Presentation Transcript


  1. IAM Online
     Friday, February 12, 2010
     “Introduction to Federated Identity Management”
     John O’Keefe, Lafayette College
     Questions either via Adobe Connect chat or the conference call.
     Dial-in numbers: +1-734-615-7474 Preferred (from any phone where long distance has no add'l cost); +1-866-411-0013 (US/Canada only and only if above number costs user more than 800/866 calls)
     Access Code: 0189081#
     Brought to you by InCommon, in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group

  2. Introduction to Federated Identity Management
     • John O’Keefe
     • Director, Academic Technology and Network Services
     • Lafayette College

  3. What is Federated Identity Management (FIdM)

  4. The Questions
     • How many off campus applications do you have (or are you planning to have)?
     • How do these service providers
       • verify the identity of your users?
       • know who’s eligible to receive these services?
       • know the user is active and hasn’t left the institution?
     • How comfortable are you with the privacy and security of the identity data?

  5. The Problems
     • Access to outsourced services in a traditional way does not scale
     • Authentication is managed by identity holder (user) on a case-by-case basis
     • Authorization is managed by the Service Provider without institutional verification
     • Security and privacy vary from service to service, user to user
     • Accuracy and timeliness not managed by anyone
     • In 2005, 11 different LC username/password combinations

  6. Traditional Identity Management [diagram]
     Legend: Authorization; Credentialing / Authentication; User Credential.
     Labeled entities: Institution A, Institution B, Research Projects, Shared Courses, Student Loan Service, Physics Homework Service, Library Provider.

  7. Federated Identity Concept [diagram]
     Legend: Authorization; Credentialing / Authentication; User Credential.
     Labeled entities: Federation, Institution A, Institution B, Research Projects, Shared Courses, Student Loan Service, Physics Homework Service, Library Provider.

  8. InCommon Federation
     • US Research and Education Federation
     • http://www.incommonfederation.org
     • Over 200 participants representing over 4 million users and growing
     • Sponsored partners include the National Science Foundation, the TeraGrid, the National Institutes of Health, EDUCAUSE, the National Student Clearinghouse, and companies offering library databases, human resource systems, and other important services
     • Higher ed. participants include all types of colleges and universities, from the liberal arts (like Lafayette) to large research institutions (like University of Florida)
     • Members agree to common participation rules and basic practices that allow each to inter-operate with the others

  9. Use Cases @ Lafayette College

  10. The College
     • 2,382 Students, 206 Faculty
     • Small, residential, private liberal arts college
     • Merged IT/Library organization with 29 IT staff
     • Open-source centric
     • Centralized IT
     • 30% of 1 FTE dedicated to FIdM

  11. What We Do With Federated Identity
     • Library Applications (Jstor, RefWorks)
     • Moodle Spaces (Lafayette’s collaborative Moodle instance)
     • University Tickets Online
     • e2Campus
     • Google Apps (Not Email)

  12. What We Do With Federated Identity
     • Spaces (I2 wiki)
     • University of Washington Technology Wiki
     • DreamSpark
     • Internal network management apps

  13. University Tickets
     • Provides online ticket sales for campus events
     • Student Life had previous arrangement with vendor
     • Wanted to validate affiliation via LDAP import into THEIR system
     • We pointed them to InCommon
     • Now sending only basic attributes, no LDAP information

  14. e2Campus
     • SMS-based emergency notification system
     • Spam-like emails sent to campus users requesting password changes prompted project
     • Collaborated with Public Safety
     • Went live in October 2009
     • Makes using service easier and more secure

  15. Moodle Spaces
     • Our first use of SP
     • Alumni Ambassadors (213 users)
     • Oomycete Undergrad Molecular Genetics Network
     • Alumni Chapter Volunteers (26 users)
     • Uses ProtectNetwork IDs - http://www.protectnetwork.org/
     • Solved credential issuance problem for “lightly-affiliated” users

  16. What’s Next for LC and FIdM: IdP
     • Collaborations with other schools
     • Financial Aid Applications
     • iTunesU
     • NSF & Grant Application/Management

  17. What’s Next for LC and FIdM: SP
     • WordpressMU
     • Single Sign-On for web applications
     • Banner
     • Drupal
     • Zimbra

  18. Why Does This Matter?

  19. Facilitates Collaboration
     • Enables faculty, staff, and students both within and beyond your institution to use a common set of applications
     • Enables faculty, staff, and students both within and beyond your institution to access, share, and manipulate a common set of data
     • Enables faculty, staff, and students both within and beyond your institution to access research tools over the Internet and Internet2

  20. Protects Collaboration
     • Privacy - Sends the minimum amount of attributes
     • Security - Keeps person attributes secured in your local identity vault and limits number of UserIDs and passwords
     • Outsourcing - Enables integrated institutional use of external applications
     • Regulations - Access that must adhere to Federal regulations can easily be provisioned

  21. Questions?
     • John O’Keefe
     • email: okeefej@lafayette.edu
     • web: http://its.lafayette.edu
     • twitter: okeefej_62

  22. IAM Online
     Please take a few minutes and complete the survey about today’s IAM Online: http://www.surveymonkey.com/s/ZJRK9KP
     Upcoming IAM Online:
     • March 11, 2010, 1 p.m. (EST) “Provisioning of Remote Users,” by Mark Scheible, North Carolina State University
     • April 8, 2010, 1 p.m. (EDT) “Making Federation Happen,” by Joel Cooper, Carleton College
     Go to CAMP! June 21-23, 2010 – InCommon CAMP – Raleigh, North Carolina, “Exploring and Supporting Federated Access.” Details soon at www.incommon.org
     Brought to you by InCommon, in cooperation with Internet2 and the EDUCAUSE Identity and Access Management Working Group
