Joining the InCommon Federation
Joining the InCommon Federation
1. Are you eligible?
Participation is open to:
- Higher education: two- and four-year degree-granting accredited institutions.
- If you are a California Community College, please go to this page for special instructions and agreement.
- Research organizations: Labs, facilities, or centers related to a particular federal research agency and listed on an official publicly available government listing. Not sure if you’re eligible? Send us a note!
- Sponsored partners: Business, education, and research organizations that partner with higher education. These organizations require a sponsor from one of the other categories – a very, very lightweight process.
2. Sign the agreement
Sign the InCommon Participation Agreement. Here’s a preview copy; the actual signing is done electronically.
In general, the Participation agreement lays out the responsibilities of each InCommon organization, such as:
- We all agree to use SAML (Security Assurance Markup Language) software
- We use the same format when exchanging identity information
- We ensure that information in the trust registry is accurate, including contact information
- We respect intellectual property rights and individual’s right to privacy when handling identity information
- The InCommon Federation wiki has detailed information about software, best practices, Baseline Expectations, and policy and technical specifications.
3. Participation Fees
InCommon participation fees support the InCommon Federation operations and improvements, as well as the InCommon Trusted Access Platform software that is a crucial part of the Federation and interoperating. Here’s the fee schedule.
4. Register
Register your organization: We’ll send you a link.
Register your contacts: Use the registration link to appoint your key contacts: InCommon Executive and InCommon Site Administrator(s).
5. Identity Proofing
Once your registration is received, we’ll identity proof your Executive and the technical Site Admin(s). We will then create accounts for the Site Admin(s) and send them an email with instructions for activating their credentials.
6. Federate!
Deploy Software: As noted above, your software needs to speak SAML in order to operate in the Federation. Many organizations (including 90 percent of those deploying Identity Providers) use Shibboleth as their federating and single sign-on software. Shibboleth is part of the InCommon Trusted Access Platform identity and access management suite. Our software is all containerized for simpler installation and configuration.
Manage your stuff: Your site admin(s) can now access the Federation Manager for uploading your metadata. See more information on the wiki.
Register your services in the metadata (our trust registry): Think of the metadata as a digital directory where Identity Providers and Service Providers look up each other’s critical digital signing, connection and contact information. When your metadata is complete, you make interoperation much easier. You will no longer need to coordinate configuration changes with each connecting partner one at a time. Time spent now will pay you back over the lifetime of your Identity Provider and/or Service Provider. The InCommon Federation wiki has much more information about metadata.
Getting more out of the Federation: One of the biggest strengths of the InCommon Federation is its community: passionate and knowledgeable peers who understand your issues and are eager to help. Become an active part of the community.