Steward Program Summary for InCommon Execs Executive Summary InCommon will soon launch the Steward Program as a way for K­12 school districts and community colleges to share the advantages of the identity and access management federation through their regional network. The initial rollout is a proof of concept operated by InCommon and MCNC, the regional research and education network serving North Carolina. This brief overview provides a high­level rationale for implementing the Steward Program. As you will see, ​there is no action needed by you as an InCommon​ participant. However, we want to call your attention to the changes taking place, so you can understand any potential impact; in particular that InCommon is outsourcing some of its organizational vetting responsibilities to another organization. Glossary ● ● ● ● InCommon Participant.​ An institution that has joined InCommon, having signed the participation agreement and paid membership fees. Support Consortium.​ A new InCommon participant class consisting of organizations, such as regional network providers, that provide support services to institutions (including higher education and secondary education) on a consortial basis. Steward.​ A type of Support Consortium that joins InCommon as a Participant and signs the Steward Addendum, allowing it to act on behalf of its Represented Constituent organizations within InCommon. A Steward also assumes some of InCommon’s onboarding roles in support of its Represented Constituents. Represented Constituent.​ A Constituent t​hat receives federation services through a Steward​ and therefore is not an InCommon Participant. Overview of the Steward Program What​: The Steward Program provides a way for K­12 school districts and community colleges to participate in the InCommon Federation through their regional network. Why​: School districts and community colleges use many cloud resources, including some of the same applications as colleges and universities (such as learning management systems). However, they often lack the resources and experience to implement and manage an identity and access management infrastructure. The Steward Program allows a regional network to become a Steward and take advantage of InCommon’s existing policy, technical, and support infrastructure to extend InCommon’s trust, security, and single sign­on convenience to K­12 and community colleges in a scalable way. In many cases, these institutions already have a business relationship with the regional network, affording even greater scalability. August 30, 2016 Steward Program Summary for InCommon Execs 2 How​: The regional network that serves the school district or community college joins InCommon and becomes a Steward (in many cases, these networks are already InCommon participants). The regional takes on some of InCommon’s onboarding responsibilities and manages the IAM infrastructure for the school district or community college (which are known in this model as “represented constituents”). The graphic below demonstrates these relationships. What is changing? 1. InCommon is introducing a new type of participant for regional network providers ­ “Support Consortium.” This participant type will be added to the InCommon Participation Agreement. ​This requires no action from current InCommon participants. The InCommon participant types will now be: a. Higher Education b. Research Organization c. Sponsored Partner d. Support Consortium 2. A Support Consortium that wishes to become a Steward will sign an addendum to the InCommon Participation Agreement, which specifies the relationship between InCommon and the Steward. The first Steward will be MCNC, which will operate a proof of concept of the Steward Program in collaboration with InCommon.. T ​ his requires no action from current InCommon participants. 3. Under the Steward Program, Stewards will manage technical infrastructure and participate in InCommon on behalf of their Represented Constituents. Stewards will also act under contract to InCommon for the organizational vetting and review of trust registry information (“metadata”) for their “Represented Constituents” (the K­12 schools and community colleges that the Steward serves). InCommon will train the Stewards with the August 30, 2016 Steward Program Summary for InCommon Execs 3 same processes and procedures it uses, and monitor them to assure no material change to the trust model. While entities will appear in the trust registry that have not been vetted directly by InCommon (the Represented Constituents), because the Steward is contracting with InCommon, and will be trained by InCommon, there will be no material difference between entities vetted by InCommon and those vetted by the Steward. ​Thus this requires no action by current InCommon participants. 4. This graphic shows how Stewards and Represented Constituents are incorporated into the trust model with some responsibilities delegated (or outsourced) to the Steward. August 30, 2016