What Does the Federation Do?
Global single sign-on to research and education
The InCommon Federation makes possible secure and scalable single sign-on to local, remote, and cloud services around the world.
Leveraging organizational identities for global single sign-on access
When users access a service in the federation, the home organization and the provider of the service need to already know the technical and security setup, what the user experience is going to be, and so on. They also need to rest assured that the organization on the other end is doing what’s expected. And if it doesn’t, they all need to know where to go and what to do.
Scaling is the rub
Managing this with 10 partners is difficult enough, but at scale it becomes unmanageable. This is where setting up rules of the road that organizations adopt really simplifies and speeds up getting researchers collaborating or students learning.
Read on to find out more about the specifics of what we do as the InCommon Federation operator. Also, EDUCAUSE has an excellent two-page article that discusses and explains federated identity in more detail. You can also find out more about how InCommon works in Trusted Relationships for Access Management: The InCommon Model.
Map the real-life organization to the electronic world
When an organization joins InCommon, we do a lot to:
- verify that the company or school, for instance, actually exists and agrees to the community legal structure, the foundation of the Federation,
- ensure that the people representing the organization actually do represent it, and
- provide secure ways for participants to provide information about the services they want in the trust registry.
Why is this important? You need to rest assured that the services you’re providing are being accessed by the right individuals. That starts with mapping the physical to the electronic world.
Provide trust registry of participating organizations
A phone book you can trust: The InCommon Trust Registry/Metadata Service
The federation’s role is to provide the standards by which all participants abide, such as policies and procedures. The federation also maintains and protects the trust registry (which is also known as the metadata service; for our purposes, the terms are interchangeable). All organizations enter information in the trust registry (system URLs, contact information, security keys, logos, and other items). The federation operator ensures that this information is complete, represents the participant system information, and complies with standards, and it keeps the trust registry safe and secure.
The InCommon Federation is the signer and curator of US research and education trust registry information used in federated transactions globally. Think of the registry as a trust phone book. The InCommon Trust Registry/Metadata Service allows Service Providers and Identity Providers to communicate with each other safely and securely.
Enforce agreed-upon norms and set good defaults
The community sets the bar
The community works with InCommon Operations to develop requirements and recommendations to address needs and increase value to research and scholarship endeavors. We are the community’s mirror.
InCommon Operations helps the community get there
The InCommon Federation helps the community to hold itself accountable by ensuring adherence to your standards through our legal structure and operations.
- The InCommon Community Trust and Assurance Board, for instance, works with us to ensure all participants adhere to the metadata portions of InCommon Baseline Expectations for Trust in Federation.
- The community has developed a Community Dispute Resolution Process to ensure organizations can bring up an issue and have a peer group review and rule on next steps.
- Our Shibboleth software is pre-configured to work with the Federation and includes a UI that makes all of the metadata management easy.
Evolve to meet changing needs
Global community makes this all go.
The community gets together and decides what’s needed to move the bar upward. For instance, an important global research organization worked with others to develop a federated incident response process and policy that InCommon now supports.
We also work with our federation operator colleagues around the world to ensure our practices, technologies, and business approaches align and evolve towards making it easier for people to do their work and for IT shops to support them.