Partnering for K-14: The InCommon Steward Program
Federation for K-12 Schools and Community Colleges in Partnership with Regional Networks
August 30, 2016

Executive Summary

Participating in the InCommon Federation offers significant benefits for higher education institutions and research organizations, providing a common framework for trusted shared management of access to online resources. K-12 school districts and community colleges could reap the same benefits, but often lack the resources, skill sets, or experience to implement and manage the necessary infrastructure.

After a series of discussions and pilot projects, InCommon and the Quilt (which represents 36 state and regional networks in the U.S.) recognized that scaling federation services to the large number of K-12 school districts and community colleges would require distributing some of InCommon's administrative and onboarding tasks. Given that the state and regional networks already have substantial relationships with K-12 and community colleges, those organizations emerged as a natural place for these delegated functions to reside. This forms the basis for the Steward Program.

Under this program, the Steward wears two hats.
➢ On behalf of InCommon, the Steward provides registration authority services related to its member K-12 school districts and community colleges (also known as "Represented Constituents" or RCs). The Steward will be trained to follow the same vetting and onboarding processes as InCommon.
➢ On behalf of its RCs, the Steward manages Identity Providers and Service Providers and the associated metadata, and provides other technical services.

InCommon will provide annual training for the Steward, policy coordination, a tier-two help desk, and the infrastructure backend for the federation.

Stewards must sign an addendum to the Participation Agreement, which defines the terms and conditions under which the Steward can act. There are also minor changes to the Participation Agreement and the Federation Operating Policies and Practices (FOPP) to describe the Steward Program and to enable Research and Education regional network providers to become InCommon Participants (and, therefore, Stewards). The modifications to the Participation Agreement do not require any action on the part of current Participants.

The balance of this document provides information about the implications of the program and the planning process for deployment.

Background

InCommon and several state and regional network organizations have worked together on shared potential business and technical models to enable national scaling of the InCommon Federation for K-14 schools (K-12 plus community colleges). Participating in the InCommon Federation has demonstrated significant benefits for higher education and research organizations, providing a common framework for trusted shared management of access to online resources. Reducing staff and service integration costs, increasing security, and enabling ease of access for students and teachers are just a few of the long-term benefits offered by an identity federation - be it for higher education institutions or K-12 school districts.

However, K-14 schools often lack the resources, skill sets, or experience to implement and manage the necessary infrastructure to participate in an identity and access management federation. A formal effort to overcome these barriers emerged in 2011 with the creation of a task force that included representatives from Internet2, InCommon, EDUCAUSE, CoSN (the Consortium for School Networking), and the Quilt, which represents the 36 state and regional networks in the U.S.
This led to the creation of the Quilt/InCommon KAF (K-12 Access and Federation) Working Group to brainstorm and strategize on potential approaches.[1]

Early in this process, the working group recognized that scaling federation services to the large number of K-12 schools and community colleges across the country would require delegating some of InCommon's administrative and onboarding tasks. Given that the state and regional networks already have substantial relationships with K-12 and community colleges, the task force recommended those organizations as a natural place for these delegated functions to reside.

Eight pilot projects were formed, each taking somewhat different approaches to the development of business and technology models for K-14. To conduct the pilots, Internet2 provided education, technology guidance, and connections to industry partners and collaborated with regional networks to engage their members on federation and provide guidance for the specific pilots. Each of the pilots developed plans for proving a targeted approach to K-14 federation.[2] Several pilots worked with industry partners in forming their plans and providing identity services to their constituents.

The pilots were conducted by:
➢ Illinois: NCSA and IlliniCloud
➢ North Carolina: MCNC
➢ Maryland: MDREN
➢ Michigan: Merit
➢ Nebraska: ESUCC
➢ Ohio: OARnet
➢ Utah: UETN
➢ Wisconsin: WiscNet

The work of the pilots led to the identification of multiple partnership models that enable Support Consortia (such as these state and regional networks) to participate in InCommon.

[1] https://spaces.internet2.edu/display/InCQuiltFed
[2] https://spaces.internet2.edu/download/attachments/36701388/QuiltInCommonK-14IdentityFederationPilotProgram-WhitePaper.pdf?version=1&modificationDate=1447440569326&api=v2

The Steward Program

Of the models demonstrated by the pilots, the Steward Program was selected as the first for implementation, with MCNC serving as the Steward. Under this model, the Steward assumes responsibility for supporting K-12 and community colleges (Represented Constituents) and also assumes some of InCommon's responsibilities.

On behalf of Represented Constituents, the Steward:
➢ Manages the operation of Identity Providers and Service Providers
➢ Enables federation services by providing federated credentials
➢ Deals with dispute resolution and other operational and policy issues with InCommon and InCommon participants

On behalf of InCommon, the Steward:
➢ Reviews and approves metadata to be added to the InCommon trust registry
➢ Provides support and training for Represented Constituents
➢ Promulgates InCommon policy and practices to Represented Constituents
➢ Provides registration authority duties (vetting of organizations and their contacts)

InCommon provides the infrastructure backend including:
➢ Signed metadata production, federation service enhancement, trust model and practice development and promulgation
➢ Tier two help desk
➢ Annual training for Steward staff
➢ Community-wide policy coordination, identity community convening and leadership

Benefits

Benefits for InCommon
➢ Delivers on a strategic direction
➢ Provides a scalable method for extending the federation to K-12 and community colleges
➢ Benefits key partners and builds on the existing relationships with state and regional networks

Benefits for the Steward
➢ Enhances collaboration with K-12 and community college members
➢ Federated identity management reduces support traffic by reducing sign-ons
➢ Federated IdP increases security and simplicity by reducing the need for multiple credentials
➢ Provides access to a national trust infrastructure and teaching, learning and research services across all of U.S.
research and education
➢ Leverages the existing InCommon Federation technical and support infrastructure

Benefits for the School District and Community College
➢ New possibilities for sharing of services and software
➢ Potential seamless transition from one educational level to the next
➢ Access to national and international resources
➢ Reduces the number of passwords individuals need to remember, and reduces the likelihood that their credentials will be compromised
➢ The Steward manages the technical infrastructure, so no need for additional resources and technical expertise

InCommon in the Context of the Steward Program

The Steward Program will require changes for the InCommon Federation, which are identified in this section.[3]

The Steward Program and the InCommon Trust Model

The InCommon Federation is built on a trust model that starts with InCommon/Internet2 staff members using documented uniform processes and practices to verify and onboard each new participant. As noted above, InCommon will delegate some responsibilities to the Steward Program, such as managing the onboarding of the K-12 and community colleges the Steward represents. As part of the Steward Program, InCommon will train the Steward's staff on its RA processes and procedures.[4] InCommon will also monitor the Steward for compliance.

Introducing a New Class of Institutions

To date, a handful of K-12 institutions have joined InCommon as Sponsored Partners. Under the Steward Program, potentially thousands of K-12 schools would participate. Under the Steward Program, all of these organizations would be Represented Constituents (RCs). Stewards, rather than InCommon, would be responsible for the onboarding and vetting process for these RCs.

[3] InCommon and MCNC developed a white paper that explores models for the potential business relationship between InCommon and the Regional Network Provider serving as the Steward. http://tinyurl.com/ky2r5wl
[4] For a detailed look at the InCommon trust process, and how the Steward Program changes things, see www.incommon.org/steward/TrustModelStewardProgram.pdf.

Lack of Direct Contact with Represented Constituents

Because InCommon has little or no contact with the RCs, it may be difficult to understand their needs and, thus, may compromise the Federation's ability to evolve to accommodate those needs. To this end, InCommon will, in conjunction with the Steward, develop a method to gather feedback at least annually. This will also likely involve engagement with organizations that have a broader scope for K-12 education, such as CoSN.[5]

Implementation Approach and Timeline

InCommon and MCNC will launch a proof of concept of the Steward Program in Fall 2016 with the intent to register eight to ten Represented Constituents. The proof of concept will allow the opportunity to collect data and determine whether the program is meeting its goals and providing the expected benefits. InCommon and MCNC will agree on a date for a review of the proof of concept and determine next steps and a timetable. Items for review will include:
➢ Benefits to Stewards and Represented Constituents
➢ Impacts of outsourcing of InCommon's onboarding functions
➢ Impacts of increasing K-12 participation in InCommon
➢ Operational issues
➢ Resource requirements for InCommon and MCNC

We will publish a summary of what we learned at the end of the proof of concept.

Conclusion

The InCommon Federation was established to support scholarship, research, and teaching and learning. These activities have evolved to transcend national boundaries, but also vertical boundaries within the U.S.
The case for federation -- trust, security, single sign-on convenience to multiple services, and ease of access control -- applies to all levels of research and education, from the international researcher in applied physics to the grade school teacher using online resources for lesson plans and the latest in teaching techniques.

The Steward Program will help scale federated identity management in a sustainable way, and take advantage of the preexisting relationships among the regional network providers and their K-14 constituents. Many hands make light work, and sharing the Registration Authority responsibilities among these partners will ensure that technical and process requirements will not become roadblocks to participation.

While the InCommon/MCNC partnership will be of limited scope initially (involving just a few school districts), this represents a first step in extending the InCommon Federation to K-14, and for developing ways to extend the Registration Authority responsibilities beyond InCommon. The success of this program could mean the rapid growth of the Federation, enabling ease of access for students and teachers and providing a potential seamless transition among the various levels of education.

[5] CoSN (the Consortium for School Networking) is the premier professional association for technology leaders in K-12 education. http://www.cosn.org/