Exploring InCommon
Getting Started with InCommon: Creating Your Roadmap
University of Oregon Identity Management Roadmap
– Deployed phase 1 of our Identity Management system in August 2007
– Deployed Shibboleth for intra-campus authentication/SSO and attribute delivery fall 2008
– Joined InCommon February 2010
– Continuing to expand and refine IdM system and starting to offer federated services
Identity Providers: IdM Prep - Policy
• *Review Participant Operating Practices (POP) to familiarize yourself with policies and practices your organization will need in joining a federation
• Ensure basic identity management policies are in place, including data stewardship and acceptable use policies
• *Define policies related to single sign-on (SSO) and authentication
• *Define and publish account creation and termination policies
• Define policies on log retention for identity management and provisioning
• Join InCommon
– *Submit InCommon Participant Agreement
– *Once approved, designate your Executive and Administrator(s)
– Post your Participant Operational Practices (POP)
– Submit metadata for your Identity Provider and/or Service Provider
Identity Provider: IdM Preparation – Business Practice Steps
• *Provision/de-provision accounts for your users (faculty, staff, and students) based on published policies
• Create problem resolution process for when users forget or lose passwords
• Create Help Desk support procedures for authentication problems and password changes
• *Create a process to address reports of abuse
Identity Provider: IdM Prep, Technical Step
• *Install/operate/manage the identity provider package of a SAML federating software system such as Shibboleth
IdP IdM Attribute Provisioning - Policy
• *Identify who governs the decision to release attributes
• Develop policy governing use of your attributes by service providers such as attribute retention, sharing, etc.
• Consider setting up tiers or groups of attribute release policies for different categories of service providers
IdP IdM Attribute Provisioning – Business Practice
• * Identify who is responsible for editing/implementing the attribute release policies
• Define process a service provider would use to request attributes and the process used to respond to the request
• Define process to follow when a service provider requests an attribute that is not currently available as defined by the policy above
• * Define problem escalation procedure if identity information is released in conflict with organization policies
IdP IdM Attribute Provisioning – Technical Steps
• *Extend directory and/or person registry schemas if needed to support eduPerson
• Configure the identity provider attribute resolver for the appropriate sources