Trust and Identity Newsletter – October 2017

In this issue, read about can't-miss sessions at TechEX, get the details on the TIER Campus Success Program and the new CACTI advisory group, find out how to improve the health of your metadata—and how to get more involved through events and social media.

Trust and Identity at Internet2 includes the InCommon Federation, InCommon Certificate Service, the TIER software and campus practices program, eduroam roaming wireless, and other programs. For details, see Trust and Identity.

Share this newsletter with your friends and colleagues!

logos for InCommon Federation, InCommon Certificates, eduroam and TIER

News & Blog Posts

What You Should Not Miss at TechEX

2017 TechEX by trackDon’t miss the opportunity to help frame the future of Internet2 Trust and Identity, pose questions or concerns that would benefit from community discussion and input, and hear case studies from US and international colleagues.

New Architecture Advisory Group Reflects Local and Global Perspectives

global committee imageTrust and identity frameworks are no longer bounded by the campus and are more global than ever. Christopher Phillips explains how Community Architecture Committee for Trust and Identity (CACTI), a new advisory group drawn from the global Internet2 research and education community, will provide a diversity of perspectives offering better insight into what’s next.

Looking at Using TIER? Follow the Campus Success Program

Campus Success Program imageFind out how the Campus Success Program—modeled after previous effective, NSF-funded programs—leverages the power of collaboration and community to address TIER adoption assistance and education.

Checking Contacts in Metadata First Step in Getting Ready for Baseline

metadata baseline first steps imageTom Barton encourages site administrators throughout InCommon to check the health of their federation metadata. First step? Make sure you've included appropriate technical, administrator and security contacts.

TechEX TIER Demos Highlight Provisioning Workflow

TIER demo at 2016 Global SummitTwo TIER demos at the 2017 Internet2 Technology Exchange will highlight two real-world workflows for provisioning, deprovisioning, and authorization with TIER components and APIs.

Single Sign-On and Multifactor Coming for InCommon Certificate Service

A long-standing feature request is under evaluation in a pilot testing the use of single sign-on (SSO) and multifactor authentication (MFA) to log in to the Comodo Certificate Manager. The feature would significantly increase security.

Friends Don’t Let Friends Use TLS for Metadata Consumption

secure network handshake imageWhy won’t InCommon Operations serve metadata over TLS (HTTPS)? As Nick Roy explains, it’s because InCommon metadata must be fully tamper proof—both at rest and in transit. For this reason, InCommon and other federations digitally sign their metadata documents using private keys that are heavily protected and secured by intentionally designed processes.

Per-Entity Metadata: Tastes Great. Less Filling.

metadata graphicInCommon’s growing list of participants have registered more than 4,500 SAML entities, with a metadata aggregate growing to more than 40 megabytes. With increasing resource demands, the time for a more scalable metadata distribution and consumption solution is now.

TIER Working Groups Prep for TechEx; InCommon Group Looks to Improve Interop

Several TIER working groups have been focused on preparing key deliverables and developing demos for 2017 Technology Exchange; the InCommon Deployment Profile Working Group takes aim at improving federation interoperability; and several InCommon working groups are just beginning their work. Be sure to get more involved by attending one of the many working group meetings at TechEX.

Key Internet2 identity initiatives are supported in part by National Science Foundation grants. For more information, see specific software sites.

Visit the Internet2 Email Preferences Center to manage your email subscriptions for the Trust and Identity Newsletter, and consider subscribing to the Community Update or other newsletters of interest.