By James Cramton, Trust and Identity Industry Relationship Manager, Internet2
Estimated reading time: 4 minutes
Emerging technologies and evolving security challenges are reshaping identity and access management in research and higher education. During last month’s IAM Online webinar, we heard six InCommon Catalyst partners’ perspectives on the current and near future states of identity and access management (IAM) in research and education (R&E). Here’s an overview of the trends they highlighted.
Workforce and Budget Challenges
The R&E community is facing significant challenges with IAM, including staff turnover, loss of domain expertise through retirements, and increasing budget constraints. Post-COVID enrollment declines have further strained resources while security and compliance demands continue to grow. Commercial providers are also raising prices for essential services, forcing institutions to reevaluate long-standing practices like providing alumni email accounts for life.
Federation Proxies and Emerging Technology Adoption
Federation proxies are becoming increasingly accepted as practical solutions for integrating new technologies while maintaining existing deployments. These proxies serve two main functions as federation adapters that serve identity providers to the InCommon federation and federation proxies that handle authentication between InCommon and target applications. This approach helps institutions manage complexity and maintain stability while adopting new security tools and protocols.
OpenID Federation and the Future of Federation
OpenID Federation is emerging as a potential replacement for current global research and education trust frameworks. This standard provides a flexible trust management model using trust chains – signed assertions that allow entities to trust each other through mutual trust anchors. The interest in OpenID Federation is driven by the declining standardization of XML and SAML, which are becoming less maintained and present challenges for cryptographic agility and metadata management. Additionally, OpenID Foundation’s potential to support verifiable credentials opens the door to collaboration across multiple industries, including academic credentials, research computing, finance, healthcare, and government.
AI and Identity Management
Artificial Intelligence is being increasingly deployed in IAM solutions, particularly in risk-based authentication, anomaly and fraud detection, identity verification, threat intelligence, predictive analytics, and compliance automation. However, it’s important to distinguish between machine learning approaches, which are more auditable and concrete, and generative AI, which can be prone to hallucinations and security risks. Universities are uniquely positioned to explore AI implementation given their existing graphics processing unit (GPU) compute resources and research capabilities.
Machine Learning and Role Mining for Access Management
AI-powered role mining and outlier detection are helping organizations optimize their identity governance. By analyzing existing access patterns, these tools can suggest role structures and identify unusual access rights that may indicate security risks. This approach helps simplify identity governance while maintaining security through data-driven insights rather than relying on potentially problematic language models.
Security Considerations and Best Practices in AI Adoption
As institutions adopt these new technologies, several key considerations emerge:
- Running smaller AI models locally on your scale to enhance privacy, security, relevance, and efficiency
- Carefully evaluating AI vendors and solutions
- Finding your right balance between convenience and privacy in biometric authentication
- Using existing frameworks to watch for Gen AI hallucinations
Looking Ahead
The future of IAM in higher education will continue to see security and compliance demands driving technology adoption in an environment with fewer skilled human resources. Well-curated AI can help manage the increased threat detection demands in an increasingly complex security context. However, success will depend on institutions’ ability to:
- Maintain clear use cases for new technology adoption
- Balance innovation with security and privacy concerns
- Leverage existing resources and expertise
- Collaborate through communities like InCommon
As these trends continue to evolve, R&E institutions must stay informed and strategic in their approach to IAM. The key to success lies not in rushing to adopt every new technology, but in carefully evaluating solutions that address specific institutional needs while maintaining security and privacy standards. Through continued collaboration and careful planning, institutions can navigate these changes while building more robust and efficient identity management systems.
ICYMI
IAM Industry Leaders Map Out 2025’s Critical Trends & Guidance for Higher Ed