January 5, 2021
This page provides guidance to CIOs and PIs on how to address the InCommon-related requirements that NSF CC* solicitations ask proposers to cover in their Campus Cyberinfrastructure Plans. The language in the solicitation is:
- The plan should include the campus status and plans with respect to federated identity and specifically InCommon, including: if the campus is registered with InCommon as supporting the Research and Scholarship (R&S) Entity Category to streamline integration with research applications, and if the campus meets the InCommon Baseline Expectations for Trust in Federation.
These requirements help ensure that campus researchers can successfully use their campus credentials to access research-related services without needing to create accounts at each service. This post will help you understand what all of this means and how to enable this on your campus (if you haven’t already).
We also plan to hold a webinar on Wednesday, January 20, 2021, at 2 pm ET, featuring past NSF CC* proposals that were funded.
What Does It All Mean?
Federated identity and InCommon
In basic terms, “federated identity” means the ability to use your campus-issued username and password to access many services, both on-campus and off-campus. To make this work, colleges and universities — as well as research organizations, national labs, and companies — agree to a common language and technology. InCommon provides the necessary infrastructure, called an identity management federation.
Research and Scholarship (R&S) Entity Category
Think of this as an optional add-on to the InCommon-enabled single sign-on. R&S is a global program designed to let scholars and researchers quickly and seamlessly access collaborative tools and applications without having to negotiate the often complicated campus data release processes. Examples include:
- a wiki at another university.
- collaborative research tools at major research facilities like CERN in Switzerland.
- using CILogon, which enables a user’s campus credential to be used to access a variety of research cyberinfrastructures such as XSEDE.
- the research portal at the National Institutes of Health (NIH) without having to negotiate the often complicated personal data release procedures on campus.
With R&S enabled (see https://incommon.org/federation/info/all-entity-categories.html), an individual links to one of the above services and the service knows who the person is and whether to provide access. On campus, this gets IT out of the business of having to make a person-by-person decision on sending along this additional identifying information.
Here are links to the R&S Entity Category specification and an FAQ.
Meeting the R&S Requirement
Check to see if your IdP or SP is listed as already meeting the Research & Scholarship specification.
This wiki page describes how to enable an identity provider (typically a campus single sign-on system) to automatically provide the R&S information to R&S tagged services. Your InCommon site administrator can add the R&S tag to your campus information at the InCommon Federation. Services that qualify can fill out this application to be given the R&S tag.
Baseline Expectations for Trust in Federation
Baseline Expectations is a collection of operating practices that all InCommon participants must adopt. These practices cover areas such as security, operational maturity, user experience and support. Together, they make interoperating among more than 1,000 organizations more predictable, efficient, safe, and ultimately, more trustworthy. While Baseline Expectations was originally introduced in early 2019, InCommon updates the requirements as the needs of the community evolve. A second group of expectations is under way.
Meeting the Baseline Expectations Requirement
A wiki page, Implementation Guidance and Best Practices for Baseline Expectations v2, defines, explains, and gives detailed guidance for implementing the three new Baseline requirements.
This is a mostly high-level overview of the InCommon-related requirements for the NSF solicitation. If you have further questions, please email firstname.lastname@example.org and we will be happy to help.