Vice Provost for IT Kevin Morooney wins Internet2 leadership award

Kevin Morooney, vice provost for information technology at Penn State, was awarded the President’s Leadership Award at the 2014 Internet2 Global Summit on Tuesday for his work to advance how universities manage and protect digital identities in cyberspace.

The approach, called identity and access management, is changing how Penn State and other universities across the nation treat the digital personas of their students, faculty and staff — and Penn State is ahead of the curve.   

Morooney’s efforts in this area have positioned Penn State as a leader in identity management among higher education institutions, and have paved the way for University initiatives such as the Central Person Registry and the new Identity Services unit. Evolving challenges related to identity and data management in higher education have given rise to the need to better balance university policies, business processes and technologies to securely connect people with information and each other.

“It used to be about connecting people to machines, then people to data, and now we’ve moved into a time when it's all about connecting people with people. We do that with federating identity,” said Morooney.

Given the tremendous amount of information on the Web, federating identity allows people to use their Penn State online credentials to access many services and systems across multiple organizations and business entities — making new forms of innovative research, multi-institutional collaboration and personal connections possible.

But it’s about trust.

“Trust is different on the Internet, but still very important,” said Morooney. “The ways we trust each other in person don’t scale to the Web and social media, and we can’t meet everyone we interact with online. A federation of member organizations that trust each other and work together is the foundation for connecting people with people.”

For the past decade, consistent with the vision of the founders of identity federation Ken Klingenstein and RL "Bob" Morgan, Penn State has been collaborating with the Internet2 consortium of universities and the InCommon Federation to make it possible for university communities to authenticate locally, but act globally.

InCommon is a federation of institutions and organizations — of which Penn State was one of the first members — that works to ensure the safe access to and sharing of online resources among its members. Through InCommon, universities protect the digital identities of their students, faculty and staff by allowing them to sign into the members’ various systems and websites using just one digital identity.

In 2013, Penn State’s participation in InCommon gave students, faculty and staff secure access to seventy-five online resources, including Yammer at Penn State, lynda.com, Skillport and Penn State WikiSpaces through Shibboleth, an open source single sign-on service. When a person logs into an external site using their University credentials, Penn State asserts their information is valid through Shibboleth and grants them access to different resources or websites depending on their University affiliations.

But the single sign-on is only one piece of the identity and access management puzzle.  

“How we are able to do federated identity within the InCommon community and with the Shibboleth software depends on how well we manage and protect the privacy of digital identities and person information — preferred names, addresses and identification numbers — for people on our own campuses,” said Renee Shuey, director of Identity Services at Penn State.

To streamline how digital identities are cared for and build a way to manage person information in real-time across the entire University, a new unit called Identity Services was created nearly one year ago. Morooney called on Shuey to lead the way.

Today, the unit is working to align Penn State with government, corporate and higher education directions for managing identities in cyberspace, and to converge the authentication, access management, federating identity and registration components of more than 20 Penn State services, including WebAccess, Penn State Access Accounts, User Managed Groups and Shibboleth.

“We live our lives online, which is why real-time access is so important. After changing a name, being hired or accepted to Penn State, identity information should be reflected immediately across all IT systems,” Shuey said.

“The goal is to create a real-time, user-centric environment that we know we’ll need in the next decade at Penn State,” she added.  

One system — a new Central Person Registry (CPR) — is making that objective possible. By the end of 2014, the CPR repository will become the authoritative source for the identity information of University students, faculty and staff to be used for federating identities.

The CPR will grant or allow people to maintain their level of access to online resources and services under such circumstances as changing a name, transferring to a different department at Penn State or moving to a new university. The CPR will ensure this information is always up-to-date, correct and easy to change.  

Through Morooney and Shuey’s work, Penn State is now one of a handful of schools that requires every third-party business and service provider with which the University does business to join InCommon. Morooney has also called on the wider higher education community to invest in federated identity by recruiting colleagues at the Committee on Institutional Cooperation (CIC) to make identity management and federation a priority. Today, all 15 CIC universities have joined InCommon, implement its policies and promote broad university and industry participation.

“Kevin cares about people and relationships — identity and access management is the digital representation of that care,” Shuey said. “It’s about enabling the right people to connect with the right online services while making sure they’re represented accurately. Kevin had this vision more than a decade ago, and since then has helped move Penn State to places none of us could have on our own.”

Each year, the President’s Leadership Award recognizes individuals within Internet2 for their outstanding service, dedication and achievements that benefit the global education and research community.

Contacts: 
Last Updated April 09, 2014