PIN3 Decommissioning Continues Toward End-of-Year Target

November 18, 2014
PIN3 Decommissioning Continues Toward End-of-Year Target

With Harvard’s PIN 3.0 authentication service scheduled to be decommissioned by Dec. 22, 2014, progress continues apace to move applications currently using “PIN3” to one of the other methods of user authentication offered by the Identity & Access Management (IAM) group at HUIT. As of Nov. 14, 98 of the 156 applications — 63 percent of total “web gates” — have either migrated or are in the process of doing so.
 
“We’ve made substantial progress toward this important goal, but there’s still the final push,” says Gretchen Grozier, IAM community manager. “With only 22 working days before decommissioning, it’s critical that PIN3 web gate owners continue work on making sure their applications are ready to use one of our other, newer means of user authentication.” With this in mind, the IAM team has stepped up support to aid application owners in the transition, offering assistance and technical support.
 
"We want to do everything in our power to transition every application off PIN3 before the deadline,” says Grozier, “so we’re extending IAM team resources to make the switch as streamlined as possible.”
 
So why is PIN3 being decommissioned as a way to authenticate users to Harvard Community resources? One reason is HUIT’s overall drive to reduce the number of redundant systems in use at Harvard, particularly as a result of the University’s transition to a single central IT organization. Another key factor is user convenience: Once PIN3-based apps move to one of the other available protocols — specifically SAML/Shibboleth or CAS, the open-source Central Authentication Service established by the Jasig higher-education consortium – users of those apps can enjoy the convenience of single sign-on functionality shared with a large base of applications already using those protocols. Additional federation options via InCommon, available to apps using SAML/Shibboleth, can open opportunities for users from other institutions to gain access to resources currently limited only to Harvard users. And although making the switch to another authentication method does involve some development work, CAS or SAML/Shibboleth can potentially be simpler to implement — particularly for software-as-a-service or packaged vendor solutions, which may support CAS or SAML out of the box.
 
While IAM has been working closely with web gate owners affected by the PIN3 sunsetting over the summer and autumn to smooth the transition, anyone interested in learning more about authentication options for Harvard applications and services should contact IAM deputy product manager Masha Shoykhet. To learn more about all the services provided by the Identity & Access Management program, please visit iam.harvard.edu.

>> See all news from the Identity & Access Management program