Sessions at Open Apereo 2013 Conference (Jasig & Sakai) about Security on Tuesday 4th June Main Sessions, Social Events

View as grid

Your current filters are…

  • Factoring the Authentication Equation: Integrating Multi-factor Authentication into CAS/Shibboleth

    by Mike Grady and Andrew Petro

    Interest in Multi-factor Authentication (MFA) has been growing for a number of reasons, including increasing attack vectors for compromising passwords, use cases for higher levels of identity assurance, and expanded technologies to provide MFA (e.g. phone-based approaches). Combining MFA with one's Single Sign-on (SSO) system (CAS, Shibboleth) allows one to leverage MFA for many on-campus and federated services. Both the NSTIC-funded Internet Scalable Privacy Project ( https://spaces.internet2.edu/x/Y... ), and the InCommon Assurance Program ( http://www.incommon.org/assurance/ ) are helping to fund efforts to define and implement standard patterns for effective integration of MFA with Shib and CAS. This presentation will describe how MFA is being integrated into both the Shib Identity Provider and CAS Server, and provide some demonstrations of current MFA integrations with both.

    At 11:00am to 11:45am, Tuesday 4th June

    In Topaz, The Westin San Diego

  • Internet2 Scalable Privacy project update

    by Mike Grady

    The National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative has a goal of advancing the "vision that individuals and organizations adopt secure, efficient, easy-to-use, and interoperable identity credentials to access online services in a way that promotes confidence, privacy, choice and innovation." The Internet2 Scalable Privacy Project (ScalePriv) has received funding from NSTIC to pursue several major thrusts around identity and privacy, including a focus on:

    • Promoting the adoption of Multi-factor Authentication (MFA) across Higher Education institutions.
    • Attribute ecosystem development: Attribute registries, bundles and entity categories.
    • Citizen-Centric Schema.
    • Privacy Manager.
    • Anonymous Credentials.

    This session will provide an update on all of the activities happening within those project areas, and on the NSTIC effort in general. The presenter is helping to coordinate many of the project activities within the ScalePriv project.

    At 1:00pm to 1:45pm, Tuesday 4th June

    In Pearl, The Westin San Diego

  • Let's Look at the Basics of Security

    by Alan Berg, Mike Osterman and Matthew Jones

    This presentation describes the top ten security issues associated with coding. Examples are included. Discussion centers around the application of this knowledge to coding practices. There will be a section on integration best practices and avoiding common pitfalls. Subjects like TLS certificates, backup regimes and monitoring will be explored. Further, the security processes around Sakai CLE are explained. How to write a security bug report and how it ends up as a security alert.

    The presentation will be centered around advice from OWASP. Coding examples will be based on Java and will be applicable to Java based projects such as CAS/uPortal and Sakai.

    This is a great opportunity for further reach out to those interested in this field and across projects. The target audience are developers and integrators. This is a good place for people to start meeting and discussing cross cutting concerns, especially between projects.

    At 2:00pm to 2:45pm, Tuesday 4th June

    In Opal, The Westin San Diego

  • Improving Application Integrations With CIFER APIs

    by Benjamin Oshrin and Chris Hyzer

    When needs for exchanging identity data across applications cannot be met using simple standards like LDAP, custom integration work is generally required. Operations such as creating identity records, provisioning identity data, and managing group data are common across institutions, yet are implemented using custom code.

    This session will introduce the REST-oriented CIFER APIs, designed to provide a common mechanism for these sorts of integrations. A status report will be provided on the active development of the Core Schema, SOR-Registry API, ID Match API, Registry Extraction API, and Group API.

    At 3:00pm to 3:45pm, Tuesday 4th June

    In Opal, The Westin San Diego

    Coverage video

Schedule incomplete?

Add a new session

Filter by Day

Filter by coverage

Filter by Topic

Filter by Venue

Filter by Space