HOME / NEWS & EVENTS /

PIN2 protocol support, IAM Authorization Proxy Service to be Retired by 11/30/2023

September 27, 2022

IAM will be retiring support for the PIN2 protocol and the Authorization Proxy (“AuthZProxy”) service of HarvardKey by 11/30/2023.

 

What action do I need to take?

If your HarvardKey-integrated application relies on the PIN2 protocol or AuthZProxy, please plan to move to a supported integration protocol (CAS, SAML or OIDC) as soon as possible. 

 

To learn more about how to integrate your application with HarvardKey using a supported protocol, please refer to our HarvardKey Application Integration Getting Started guide.

 

How do I determine if my application relies on the PIN2 protocol or the AuthZProxy service?

The best way to determine which protocol(s) your application is using is by looking up your application’s registration(s) in the Registration Dashboard of the HarvardKey Application Registry (HKAR). For more information about using HKAR, see our Getting Started with HKAR guide.

 

What are PIN2 and AuthZProxy?

PIN2 is a home-grown authentication protocol, developed at Harvard before more widely-adopted, community-supported protocols like CAS, SAML and OIDC became available. AuthZProxy was developed to provide authorization filter and attribute release capabilities to applications integrated with HarvardKey using the PIN2 Protocol. In 2015, IAM stopped offering PIN2 and/or AZP services for new applications seeking to integrate with HarvardKey and ceased to make further changes to the PIN2 and AuthZProxy client code. 

 

Why are PIN2 Protocol Support and AuthZProxy Being Retired?

Retirement of these legacy services will ensure that the security of HarvardKey remains aligned with industry best practices.

 

What if I don’t have technical resources to move to a supported protocol?

We understand that moving to a new protocol may present challenges for legacy applications with limited technical support. We are providing more than 12 month’s advance notice to allow teams to plan for this work and include funding for technical resources in the FY24 budget if required. 

 

Questions?

Join us for our weekly Authentication & Authorization Office Hours on Tuesdays from 1-2 pm. 

This will be the first of several notifications we plan to send regarding this service retirement. IAM will be communicating directly with customers whose applications use the PIN2 protocol or AuthZProxy in the coming months.