Jasig 2010 uPortal Highlights

Are you looking for more information about uPortal? How about some half day training opportunities? Tips and techniques for developing portlets? Information about managing uPortal installations? A chance to hang out with fellow developers and implementors? The 10th Anniversary Jasig Conference in San Diego March 7-10 has all of this and more!
There are half-day seminars on uPortal implementation, migration to uPortal 3, portlet development, uPortal for mobile devices, and using jQuery and Fluid Infusion. In addition, over a dozen sessions will cover portal-related topics including the following:

• Developing with Spring Portlet MVC, Struts, jQuery, Fluid Infusion
• WebServices and portlets
• Content Management, Help Desk,
• Managing uPortal environments
• uPortal Roadmap
• Portal planning

This is a great opportunity to advance your skills and see innovative techniques that others are using. There will be plenty of opportunities to spend face-to-face time with your peers from other universities and take back valuable information you can use in your own portal development.
And if you REGISTER BY FRIDAY you can save $50 on registration and get in on the hotel group rate!
I look forward to escaping these single digit temps (and those are Fahrenheit) and I hope to see you in San Diego!

Jasig 2010 Identity Management Track

I was looking over the Jasig 2010 conference schedule and was struck by how much applies to identity management.

A proposed conference itinerary

Here's just one idea of a schedule of presentations to consume at the Jasig conference focusing on identity management topics:

Sunday March 07 2010

Pre-Conference Seminar on Identity Management Re-Architecture

Start the conference out right with an intensive pre-conference seminar from 1pm to 4:30pm on Laying the Foundation for your IdM re-Architecture! as presented by lead CAS developer Scott Battaglia, Strategy Director and past Information Security Officer Jens Haeusser, Senior Technical Specialist Paul Zablosky, and Senior Director for Integration Tom Barton.

This seminar walks you through the basics of the process of moving from an ad-hoc structure to a more planned architecture using various Jasig institutions as case studies. Along the way, we'll look at solutions in the open source area that are starting to address the needs of the higher education community as they move to a more mature architecture.

Topics to be covered include:

• Internet2's middleware model


• Mapping of leading open source & commercial products to the Internet2 model


• Terminology that works in technical & management paradigms


• Governance


• InCommon Silver assessment framework and Levels of Assurance


• Creating an Identity Management roadmap for your institution

Monday March 08 2010

Breakfast

Meals, and the company in which to enjoy meals, have been traditionally excellent at Jasig conferences, and I expect Jasig 2010 will be no different.

Keynote

Start the main portion of the conference with Gregory Jackson's keynote on We Have Open Source. Now what?. Jackson is EDUCAUSE Vice President for Policy and Analysis.

CAS in Context

Kim Cary, Chief Information Security Officer of Pepperdine University, will be presenting this session on CAS in Context: Explained, Deployed, Extended. The context here is a case study of Pepperdine's actual implementation of CAS.

This talk is aimed at persons who are familiar with some of the technology and concepts involved in implementing and operating a CAS system, but who may lack the overview to make sense of the wealth of information available for the CAS project. The goal is to illustrate the most common deployment issues by way of a case study.

The presenter will explain deployment, maintenance and extension of a typical Central Authentication Service system in context of Pepperdine University’s experience with the CAS 3.3 server software. A CD with reference materials will be provided to all participants, in addition to a presentation outline keyed to those materials.

Protocol. We will first cover a basic overview of how CAS servers and their web application clients work using diagrams and audience participation. Reference: jasig community CAS diagrams (in-progress from various deployer materials).

Server. We will then cover a visual overview of Pepperdine’s CAS server implementation as development, test and production tiers. Part of the implementation overview will cover tips and best practices for CAS and tomcat maintenance across software and configuration changes. The server implementation section will conclude with demonstrate a simple change as an example of server change control and change deployment using the maven overlay method (easy once you see it). Reference: Pepperdine’s system description & procedures documentation.

Client. We will demonstrate how a simple dynamic web page can become a CAS application, with the addition of half-dozen lines to the page and copying a few files onto the server. Reference: Before/after web page code and CAS client library installation procedure.

Extension. We will conclude with an explanation of why Pepperdine University developed a service check extension for the CAS service and how it was architected and deployed. Reference: Source code, plus installation and testing procedures.

By keeping pace and leaving detail in the reference materials for each section, we will target 15 minutes for questions at the conclusion of the talk.

Extending CAS Using Spring Web Flow

Unicon's Adam Rybicki will present on Extending CAS Using Spring Web Flow. The CAS login flow is a great place to extend CAS to handle additional institution-local use cases such as password and profile update requirements.

CAS uses Spring Web Flow to do "script" processing of login and ticket validation protocol. This presentation will discuss how to extend CAS by injecting business logic into CAS Web Flow. This allows extending CAS without having to modify any CAS code.

The presentation will illustrate how to add a new Web Flow state. This state checks for the user having accepted the university's "Accepted Use Policy." This is a policy that every user has to accept once a year. The date of the last policy acceptance is stored in LDAP.

Another example of extending CAS this way is to check for password change. Many universities have a policy to require periodic password changes. This enhancement checks the last password change date, and if it has been too long since the last password change, the user is forced to change the password. Both examples prevent the users from authenticating to services until they are satisfied. Both the password change and policy acceptance application are themselves CAS-enabled.

This presentation details how normal CAS flow is changed to force the users to perform these steps before they are allowed to log in. Upon satisfying both applications, normal CAS behavior is restored.

Lunch

Meals at Jasig conferences are traditionally excellent, and besides this is a chance to lunch with others interested in identity management in higher education at this conference.

OpenRegistry

After lunch, Scott Battaglia will present on What's new with OpenRegistry.

Historically, core identity management systems within higher education have either been a homegrown implementation requiring constant care and feeding, understood by only a handful of people, or a cobbled together commercial implementation with lots of glue code written by temporary consultants or with significant amounts of staff time. Both of these approaches are problematic. The OpenRegistry initiative is an alternative, opensource/community-based approach. OpenRegistry will be an opensource identity management platform, managing data provided by systems of records and other sources through business rule driven processes such as reconciliation, identifier assignment, attribute and privilege assignment, provisioning and deprovisioning, and reporting and audit. This presentation will review the history of the initiative, including its objectives, and provide an overview of the design, architecture, and current status of work.

Refreshment Break

Personally, I'm hoping for large hot pretzels. Regardless of pretzel availability, refreshment breaks are some of my favorite parts of the Jasig conference since they're a chance to discuss the sessions and discover colleagues and their solutions.

Spring Security 3

Scott Battaglia will be presenting on Spring Security 3.

Spring Security is a popular, open-source Java security framework offered by SpringSource. It's been downloaded hundreds of thousands of times and is a population choice in many banking, government, education, and military installations. This session presents practical solutions for addressing today's complex enterprise application security requirements using Spring Security. It takes attendees step-by-step through securing their application, and highlights the new features available in Spring Security 3.

Identity, Credentials, and Access Management

Ted Bross of Princeton University will be giving this session.

Managing digital identities, credentials, and access to services requires a comprehensive middleware solution with support of administrative, academic, and information technology. The EDUCAUSE identity management list serves as a great venue for questions, discussions, and solutions from colleagues from peer educational institutions. This panel session will focus on some of the more challenging and controversial topics raised on this list over the least year such as implementing levels of assurance, password expiration, and assignment of NetID's.

Reception and Poster Sessions

Sounds like a good time to me.

Tuesday March 09 2010

Breakfast

It's the most important meal of the day, I'm told.

General Session

Justin Erenkrantz of Apache Software Foundation will be giving a general session talk The Apache Software Foundation: No Jerks Allowed

Refreshment break

Personally, I feel it's never too early to enjoy a hot baked pretzel, but I suspect this refreshment break won't be pretzels. I still suspect it will be good.

ClearPass

I'll be giving a presentation on ClearPass - A CAS Extension Allowing Credential Replay.

ClearPass is a free and open source CAS extension allowing the secure release of cached end user credentials (passwords) to selected applications while still supporting enterprise SSO. This session will review ClearPass and the example of using ClearPass with uPortal to accomplish simultaneous CAS-based enterprise single sign on and point-to-point credential replay solutions.

Managing Infrastructure Complexity with 'IT Ecosystem'

Tom Barton of the University of Chicago will be giving this talk.

There are a great number of dependencies in IT systems these days. The technology stack on which applications run has gotten pretty deep, and it’s common for hosting, storage, database, middleware, and other types of services, operated by different IT departments, to be integrated with applications. What’s impacted if a given element in this ecosystem goes down? What all does a given application depend on? For several years the University of Chicago has been developing a tool to help us report on and visualize all of the IT infrastructure we operate and the dependencies among them. This tool, the IT Ecosystem, has reached sufficient maturity to promise real help in managing our complex IT environment. At this session we’ll show the IT Ecosystem and discuss how it’s being used at U Chicago.

Lunch

This is a good opportunity to find some people to talk some more identity management.

CAS Clustering for High Availability

Eric Pierce of the University of South Florida and fellow member of the CAS Steering Committee will be giving this talk.

The CAS server is the central hub for all of your enterprise web-applications. A single point for authentication for all of your apps has many advantages in terms of security and user experience, but it has the potential of being a single point of failure. To address this issue, clustering technologies can be used to build a Highly Available CAS system.

This presentation will provide:

• The differences between High Availability and High Performance clusters


• An overview of the cluster architectures supported by CAS


• Comparisons of the MemCache and Database TicketRegistries


• Building CAS clusters with more than 2 nodes


• Details on a real-world 4-node CAS cluster at USF and lessons I've learned from building it.

Refreshment break

Hope springs eternal for hot fresh-baked pretzels.

Multi-factor Authentication with CAS

I'll be giving a presentation on multi-factor authentication with CAS.

Jasig CAS is a free and open source platform for extensible Web single sign on. Extending CAS to implement multi-factor authentication enables CASified applications to benefit from stronger end-user authentication and may enable an institution adopting CAS to achieve higher Level of Assurance in authenticating their users on the Web.

This session will briefly review the reasons for interest in multi-factor authentication and enumerate the benefits of supplementing static passwords with dynamic passwords such as those generated by physical tokens. We will then outline implementing multi-factor authentication in CAS, highlighting the extensible CAS login web flow and CAS authentication AP--starting points for doing this.

As a case study of accomplishing multi-factor authentication in CAS, integration with VASCO one-time-password generating physical tokens will be demonstrated, highlighting the extension points in CAS APIs that make this integration possible.

Integrating CAS and Grouper with the new Windows Identity Foundation

Jean Marie THIA of Université Pierre et Marie CURIE (UPMC) will be giving this talk.

Cassifing IIS7 or a .Net application like Sharepoint is an easy job with CAS4Net for example. But authentication is not enough as this part just allows to know the user identity. Authorization is the next bridge to cross to know what the user has access to.

Grouper is a very good candidate as the core repository of a role based access control (RBAC) system. Identity and Access management systems are evolving, new standards arise. The new Windows Identity Foundation (WIF) is also embracing SAML. This talk is about our work in integrating CAS and Grouper with WIF.

Wednesday March 10 2010

Breakfast

Last chance to load up on included-in-conference-fee food.

Kuali Identity Management: Introduction and Implementation Options

Eric Westfall of Indiana University will be giving this talk.

The Kuali Identity Management (KIM) module of Kuali Rice provides identity and authorization services. This session will take a look at KIM design, terminology, and services from an architectural perspective. We will also explore the different options and strategies for implementing KIM at your institution, including integration with other solutions such as CAS, Shibboleth, Grouper, LDAP and more.

Identity Services for Open Source Software

Tom Barton will be giving this talk.

In June 2009, Jasig, EDUCAUSE, Internet2, the Internet Society, the Kantara Initiative, and Unicon sponsored an energetic and successful “Identity Services Summit” that gathered representatives from several of the leading open source software (OSS) projects in higher ed together with campus and community IT and middleware architects to attack the problem of integrating OSS software with enterprise access management systems. We'll report on some of the themes and follow-up activities emerging from that summit, and look ahead to possible next steps. Attendees will gain insight into this challenging and strategically important integration area and learn how to participate in or stay abreast of follow-up activities.

Closing general session

Rod Johnson of SpringSource on Open Source, Cloud Computing and the Future of Innovation.

Jasig BarCamp

This is the un-conference portion of the formal Jasig conference where participants self-organized just-in-time into discussion and collaboration groups based on what they've learned about and interests they've exercised during the formal conference. Stick around to have that extra conversation with a person of particular interest or to advance a local identity management issue for discussion.



(This post originally appeared elsewhere and is syndicated here under CC-BY-NC.)

Greg Jackson Will Speak on Sustaining Open Source in his Jasig Keynote

Greg Jackson has been a force in the Research & Education IT community for many years. From leadership positions at MIT, the University of Chicago, and now EDUCAUSE, he’s been a pusher for policy and organizational changes needed to support R&E at all levels. And he has an uncanny knack for making people see what’s important.


Until recently, the big stakes game for R&E IT was the network – ensuring that the network needs of R&E can be met and sustained by the R&E community. We now take for granted multi-gigabit end to end speeds between R&E locations anywhere in the world, but it took the formation of Internet2, National Lambda Rail, the Regional Optical Networks, Starlight, and many other organizations to change away from a course that would have left R&E dependent on the business models of the commercial network providers.


Now the stakes are high around IT services needed by R&E. Google, Microsoft, Oracle, Amazon, and other commercial providers are winning mindshare with their products and cloud services, but will their businesses suffer if they don’t produce a good research library management system, integrate with our student information systems, or enable far-flung collaborators to parse corpuses of digitized text and particle collision products?


Against these Goliaths we pit our Davids: Jasig, Kuali, SAKAI, Internet2, Globus, and other organizations that produce open source software meeting needs peculiar to R&E. They are crucial, but are organizations like these, and their products, sustainable?


In his keynote, Greg will focus his ability to distill the important, and his considerable organizational experience, on the need to sustain our open source efforts. How should we deal with maintenance and updating of a successful open source product? Is the way we produced it to begin with also a good way to sustain it? Should commercial interests be harnessed somehow? Are all products sustained in the same way? What should open source producing organizations be and how should they do that?


You can find out more about Greg and his presentation on the Jasig Conference website.

Early Bird Deadline Approaching for Jasig Conference Registration

The Jasig Conference has early bird registration discounts. But they don't last forever (otherwise that would defeat the purpose of early bird discounts!). If you're interested in getting in to the Jasig Conference at a cheaper rate, you've only got a few weeks left! These discounts only last through January 31st!

Go to the conference site now!

Still here? Why? Oh you want more info!

This year's Jasig conference runs from March 8 - 10, 2010 at the Town and Country Resort in sunny San Diego, CA! Its bookended by pre and post conference seminars on the 7th and 10th, and fun developer days on the 11th and 12th.

In case you haven't read the post on why you SHOULD (I would argue MUST) attend, here's the lowdown:

• Great Keynote Speakers - including Rod Johnson (Spring), Justin Erenkrantz (Apache), and Gregory Jackson (EDUCAUSE)


• Great Projects - including CAS, uPortal, Cyrus, DSpace, Fluid, Internet2 Middleware, Kuali, OpenRegistry, and more!


• Great Presentations - poster sessions, demos, IdM architecture, Java, mobile apps, designing for accessibility, Spring Security, portlets, Groovy, and more! (check out our program)


• Networking Opportunities - dine around, ice breakers, breaks, and the Jasig Running Club!

Why are you still here? Go the conference site to get all the details and register! Don't miss out.

Why attend the Jasig Spring 2010 Conference

With the economy in shambles (but hey, it's recovering!), it's becoming increasingly tougher to obtain travel money to attend all the conferences you'd like to attend. You need to become more selective and only choose a few. I might be biased, but I think the Jasig Spring 2010 conference should be one of your top choices!

While Jasig is geared towards higher education, its products are used worldwide in universities, governments, non-profits, corporations (including major gaming companies and financial companies) and more. This means at the Jasig conference you can gain multiple perspectives on technology, which leads us to the first major reason to attend the Jasig conference.

Excellent Networking Opportunities

Jasig conferences are attended by people all over the world representing major institutions and organizations. This is an excellent opportunity to find out what others are doing, obtain tips, troubleshoot problems, bounce ideas around, and make friends so that when you go back home you've extended the number of people you can collaborate with (many Jasig-ers regularly collaborate with each other, whether officially or unofficially). The Jasig conference offers multiple opportunities for this networking including social events sponsored by the conference (the reception), events organized by the conference (dine-arounds), and time during the conference (breaks and birds-of-a-feather, as well as lunch!). In the past I've heard tons of advice being passed around including experiences with high availability, new frameworks, and sharing pains with deploying commercial software.

Affordable

The Jasig Conference is one of the more-affordable Java-focused conferences offering quality content. Other conferences can cost upwards of 2-3 times the amount that the Jasig conference does. One week training sessions that offer minimal value have similar price ranges to those "other" conferences. Save your money! Buy a Java 5 book, read it on the plane, and take some of the remaining money and learn from your peers at the Jasig Conference (presumably, your boss would be happy you saved a lot of money too, and offer you a promotion, but we can't guarantee that).

Content

There's content for everyone! (okay, maybe not for those Pascal developers, sorry!) Interested in learning more about Jasig projects? We've got presentations for newbies, advanced configuration and deployment, customizations, and roadmaps! Work on other stuff besides Jasig projects at your work? Don't we all! We've got that covered too. From presentations on management styles, tools, libraries, frameworks, identity management and even other languages (programming that is, you're not going to learn Spanish here), you'll find something you can take back and use at your work (and even impress your coworkers, unless they attended the conference too. And why not since its so cheap--see above)!

Pre-Conference Seminars

For those who really do feel they need to spend money on training (sometimes, it is better than the book), we've got affordable seminars on identity management, jQuery, Jasig Projects (CAS, uPortal, Bedework), portlets, and Groovy.

Keynotes

We've got awesome keynotes from top-notch people and organizations including Rod Johnson from SpringSource, Gregory Jackson from Educause, and Justin Erenkrantz from the Apache Software Foundation. The first and last are probably in charge of some of the most frequently used software at your organization.

The Environment

As I write this, it's about 31 degrees F in New Jersey and its 53 degrees F in San Diego, CA (though, obviously temperatures change). Either way, that's some nice weather! San Diego's also an awesome town with tons of stuff to do!

Who Should Attend?

Well, everyone! Duh! Oh, seriously? Well if you're in the state of California you really have no excuse (other than the fact that California's pretty big, and I think the state is bankrupt). Seriously though, if you're in California, it's a no-brainer to try and get out to this conference. It's affordable, in-state, and gives you a pretty good content-to-amount-paid ratio.

Jasig Deployers! If you're a Jasig deployer, you really can't turn this down! Meeting other Jasig deployers? Priceless! Finding out where Jasig is heading with their projects? Pretty darn useful.

Developers! Even if you don't actively work on a Jasig project at your job, you might some day! But besides that, there's plenty of content for the Java developer to learn and apply to the other applications that universities generally need to develop (plus you can then mentor all those people who couldn't attend). You also might find that another organization is doing something similar to what you're doing and collaborate (and hey, we have an incubation process just for those types of open source projects -- you can attend a presentation on that!). Also, its already been stated, but the networking opportunities in general are something you can't get elsewhere.

Managers! With all this talk of development, what's a manager to do. Plenty! You'd also probably find those Jasig project presentations quite handy. Higher level presentations on identity management architecture, agile, and partner projects (i.e. Kuali) would probably keep you pretty busy! If not, you and other managers can get together and swap management stories and deployment horror tales (and hopefully learn a thing or two).

All in all, there's something for everyone at this conference. If you're not convinced, I can do one of those top ten reasons you should come. Any takers? No. Ah, well. Then, take a look at our seminars, program, speakers and be sure to register for the Jasig Spring 2010 Conference. And be prepared for Powerpoint Karaoke! See you there!