By Kenneth “Ken” Klingenstein, Internet2 Evangelist for Trust and Identity
We had no idea what we were doing.
Led by our fearless leader, RL “Bob” Morgan, we were wandering through green fields, looking for technologies that would enable institutions to share authentication information and attributes. Our Shibboleth for that effort was to authenticate locally and act globally.
We knew that if our wanderings were technically productive, we would need to create some organizational mechanism for a relying party to trust the information it received from the institution providing authentication and attributes. But our mascot, a flying pig, was indicative of how hard and unlikely to succeed we thought the task ahead was.
Yet, due to the creative skills of that merry little band, a clever set of technologies was crafted, and SAML emerged. Because our three primary use cases spanned libraries and scientific research, the resulting protocols were unique in both preserving privacy and providing strong authentication and support for access controls.
It was then time (sigh) to figure out how to make the exchanges we were technically enabling trustworthy. And, since the folks doing the technical work were typically also responsible on their campuses for the security of identity, we would need to convince ourselves of trust in the system. We still knew we had little idea what we were doing, so it was daunting.
And so began InQueue, a group of institutions and a set of shared gestalts about identity management practices that would be the best effort but perhaps sufficient to create trust. The group of schools knew each other well enough to make such an approach acceptable, but if trust was to scale, both in the U.S. and internationally, it would take more.
So InQueue begat InCommon. Best efforts became explicit agreed-on practices, albeit with self-audit. Handshakes and nods became contracts. InCommon needed to take on a set of tasks that were novel but critical: setting up a vetting mechanism for institutions, learning to manage metadata for potentially large numbers of participants, and making the federation’s central operations a trustworthy component of the overall transaction.
This pioneering effort caught the attention of the federal government. That was a mixed blessing. It brought in a set of important applications and gave InCommon greater visibility, especially in other verticals such as pharma and real estate. But it also triggered a set of federal regulations and requirements. While we were still fledgling piglets, we were being asked to fly. Fortunately, we were given a chance to shape those regulations, and InCommon became a significant influence on federal directions.
InCommon also caught the eye of international companions. Although InCommon was the first SAML federation, similar needs existed in several countries with vibrant research and education (R&E) communities. Moreover, the international nature of academic research meant that developments needed to align, and so InCommon began to shape nascent federations in Europe, Asia, and elsewhere. It was a remarkable bloom.
In retrospect, we were doing more than we thought. We weren’t creating a technology that needed a trust infrastructure to make it operational. It turned out to be all about the trust, and collaboration, infrastructure itself, one that would adapt to technological changes, from SAML to OIDC to verifiable credentials. InCommon would become a platform for general interinstitutional interactions.
Looking forward, there are likely new heights to aspire to—the InCommon Futures2 report points to some of these possibilities. The complexities of identity management and its increasing importance as the basic building block of IT suggest the need for firmer guidance. New levels of community engagement could be created as R&E responds to regulatory, enrollment, and fiscal pressures. Future posts celebrating InCommon’s 20th birthday will explore these open skies.
But when we started as tiny piglets at the turn of the century, we never saw the wings that are now lifting InCommon and our community.