Most universities deal with multiple systems of record for identities - HR, student systems, alumni systems, etc. Many campuses have developed home-grown identity match tools to reconcile the same identity from more than one system of record. Higher Education has yet to produce a generic, community source identity match engine that can be used at multiple institutions. Such a generic ID match engine is one goal of the CIFER project, and UC Berkeley has made considerable investment in this goal. This presentation will describe the ID Match engine, the CIFER ID Match API, integration between the ID Match Engine and Open Registry, and administrative interfaces for resolving fuzzy matches. The goal is to submit this project as an Apereo incubation project during calendar year 2013, and hopefully recruit additional campuses to support the migration of this ID Match engine to a community project.
Interest in Multi-factor Authentication (MFA) has been growing for a number of reasons, including increasing attack vectors for compromising passwords, use cases for higher levels of identity assurance, and expanded technologies to provide MFA (e.g. phone-based approaches). Combining MFA with one's Single Sign-on (SSO) system (CAS, Shibboleth) allows one to leverage MFA for many on-campus and federated services. Both the NSTIC-funded Internet Scalable Privacy Project ( https://spaces.internet2.edu/x/Y... ), and the InCommon Assurance Program ( http://www.incommon.org/assurance/ ) are helping to fund efforts to define and implement standard patterns for effective integration of MFA with Shib and CAS. This presentation will describe how MFA is being integrated into both the Shib Identity Provider and CAS Server, and provide some demonstrations of current MFA integrations with both.
by Mike Grady
The National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative has a goal of advancing the "vision that individuals and organizations adopt secure, efficient, easy-to-use, and interoperable identity credentials to access online services in a way that promotes confidence, privacy, choice and innovation." The Internet2 Scalable Privacy Project (ScalePriv) has received funding from NSTIC to pursue several major thrusts around identity and privacy, including a focus on:
This session will provide an update on all of the activities happening within those project areas, and on the NSTIC effort in general. The presenter is helping to coordinate many of the project activities within the ScalePriv project.
by Benjamin Oshrin and Chris Hyzer
When needs for exchanging identity data across applications cannot be met using simple standards like LDAP, custom integration work is generally required. Operations such as creating identity records, provisioning identity data, and managing group data are common across institutions, yet are implemented using custom code.
This session will introduce the REST-oriented CIFER APIs, designed to provide a common mechanism for these sorts of integrations. A status report will be provided on the active development of the Core Schema, SOR-Registry API, ID Match API, Registry Extraction API, and Group API.
2nd–7th June 2013