- Created by David Walker (internet2.edu), last modified on Feb 10, 2021
The InCommon Federation orchestrates secure and seamless single sign-on access to local and global research and collaboration resources for more than 10 million users and nearly 800 educational institutions, research organizations, and commercial resource providers in the United States.
Our focus on enabling research and academic collaboration means our practices are tailored to suit how researchers and educators collaborate with one another.
What's special about collaboration in research and education?
Collaboration is different in research and education than in other sectors of society. While the mere existence of multi-institution collaborating groups is often tightly controlled in commercial and many governmental settings, academic researchers and faculty are encouraged to work together and exchange ideas without institutional control. University support infrastructures are tuned to facilitate this.
Here are some of the ways collaboration differs in research and education:
Collaboration across institutions happens spontaneously. While there are many examples of formally created collaborations, such as instructional courses and grant funded research projects, most academic collaborations are ad hoc, created to meet an immediate, possibly short term, need. For example, a group of students might form a study group while they are taking a course, or a couple of researchers may find that they are working on the same problem and decide to join forces. The (international) academic societies keep their members abreast of current work, so collaborating researchers are likely to come from different institutions.
Research draws on resources from a wide range of disciplines. Many of today's grand challenges cannot be solved within a single academic discipline. These collaborations must include participants with wide-ranging areas of expertise.
Trust is often peer-to-peer between individuals, not among organizations. Collaborations require trust among their participants. In academia, however, this trust is based on the participants' standings in their respective fields, not on formal agreements among the participants or their institutions. When there are formal trust relationships, the agreements generally address issues of the support infrastructure, such as access to funding or other resources.
Identity is for life, but roles, even organizational affiliations, change. Learning is a life-long activity, establishing a relationship for students that starts when they apply for admission and ends as alumni. Faculty and researchers carry their identities with them as they take on different roles within their institution, as well as at other institutions. It is even common for researchers to continue their work in collaborations when they move to a different institution.
Technical support infrastructures for collaborations require participants to have authentication credentials. It is often the case that these credentials can be light-weight, primarily to identify who is contributing what. Some situations, such as those involving personal healthcare information or high-security equipment, require participants to have strong, well-vetted credentials. It is rare, however, for these collaborations to have the resources to support issuance of these credentials; they rely on the participants' home institutions for this.
How does InCommon meet these needs?
Institutions that participate in InCommon create a multi-lateral federated infrastructure to support the creation, maintenance, use, and eventual revocation of the credentials needed for academic collaboration. These institutions leverage the relationship they have with their community members to vet the identities of collaborators, issue them credentials, and maintain current identity information about them. The credentials issued by each institution can then be made available to all institutions that provide collaboration services for the purpose of making access control decisions.
The following are aspects of this federated infrastructure.
- Technical interoperation based on common standards. InCommon, in coordination with its international peer federations, has established a common set of protocols, formats, and profiles to enable home institutions and service providers to interoperate over the Internet. Introduction to Identity Federations is a high-level description of how this works.
- A trust framework based on convention, consensus, and common agreements. Through the InCommon Participation Agreement and other documents it references, all InCommon Participants agree to common operational and security practices affecting the credentials they provide and their response to issues that may arise. See Trusted Relationships for Access Management: The InCommon Model for more information.
- A community-driven governance process. In order to assure alignment with evolving needs of home institutions and service providers, the InCommon Steering Committee and advisory groups are comprised of representatives of multiple constituencies within the extended InCommon community. See https://incommon.org/community/leadership/ for more information.
- Pre-agreed on person information release. In order to facilitate quick startup of new collaborations, InCommon instituted a Research and Scholarship ("R&S") entity category (now the international REFEDS Research and Scholarship category) to define a minimal set of identity attributes needed by research collaborations that would be released automatically to qualified service providers by collaboration-supporting home institutions. The qualifications for those service providers include characteristics of the service provided for research collaborations, the uses to which identity information may be put, and certain technical practices.
- No labels