Scribing Template --Tues., Nov 12, 2013 at 9:45am -- Marina del Rey Room

TOPIC:   K-12 federation management, how to simplify the experience. (this topic is overloaded)


SCRIBE: Chris Phillips

# of ATTENDEES: 24


- How Can a local federation (internal to a school be deployed?)

- How can we easily deploy the technology internally

- How does something like COPA compliance influence a deployment.

- How much do we have to build an IDM 

Definitions discussion pieces

Accounts do map to a single identity, but there are multiple accounts.

What is(defines/is an experience of) a sub federation:  

- delegate trust framework  to inCommon, but be sub-ordinate or compliance but have freedom to add non traditional members not traditionally in federations

- technical and policy distinguish boundaries to federation

- different policies and release of information drive the difference (specifically release policies sound like a driver?)

Why is SP/IDP onboarding different?

- internally, default release policy, eppn, uid, isGuest flag, umnEid 

- eppn to incommon,

- policy difference on this internal fed is about the policies of the institution 

Annecdotal comments:

Tools of inCommon POP doc applied to Campus services was a handy tool to assess and use to vet services


Discussion points:

John K: CMU pilot of different set of aggregates (sets of entities) that are publishing separately. 

These extra elements are subdomained within the CMU space.  

Penn state:  Friends of Penn state IdP, different 

Is there REALLY a Need here??-->  multiple identity providers (in inCommon metadata.

From a scope perspective, IdPs scope is usually linked to domains.  

Technical capability is there for multiple. Administrative allowing of 1 participant to have multiple scopes is a policy. 

Cal State has an example where this has multiple IdPs with multiple scopes within their domain as an example, but experienced pressure from a vendor saying that they are allowed '1 scope'.

Proxy Idp -- what does it mean. Does this mean that an IDP proxy is really a hub and spoke fed --> answers lead to yes. (scribes claim here)

InCommon Interfederation TAC Subgroup (InCommon Interfederation, open to anyone interested)

InCommon-Quilt Federation (Regional, Domestic K-20 Interfederation)

National K-12 Federated Identity and Access Management Task Force (list and monthly calls open to all)


When does it make sense to split out to be another 'federation'? (group response: what is inCommon not able to meet the need on, if nothing, no interior fed needed)


If slides are used in the session, please ask presenters to convert their slides to PDF and email them to

How can federation operators help cultivate knowledge about how to do local federations to incubate and operationalize the campus?

  • No labels