The InCommon Federation
Controlling Privacy and Access to Third-Party Resources
Online Resources and Identity Issues
Fact: Offering online access to such resources as databases, journals and other academic services has become a necessity.
Fact: Students, faculty and staff want to do business online - paying bills, subscribing to services, and taking advantage of third-party offers made available only to a university community.
Fact: Creating multiple accounts is time-consuming and taxing for users, adds to the potential for data spills and identity theft, and dramatically increases helpdesk workloads.
Fact: Setting up individual partnerships with resource providers consumes staff time and can move the control of identity information off-campus and outside of university policies and procedures.
How a Federation Helps
In a federation, organizations establish mutual practices and policies about the exchange of information. By agreeing with federation trust policies, you avoid negotiating a long series of bilateral agreements with each partner. A federation provides single sign-on convenience and allows for all identity data to remain with the university. Online resource providers no longer maintain identity databases, but draw on the information maintained by the university, or other identity provider, in real time.
Making it Happen with InCommon
InCommon is a federation of universities and service providers in research and education. InCommon establishes the trust relationship among organizations through common policies and procedures. Use of a common authentication and authorization software provides single sign-on convenience and allows the home institution to make access decisions without necessarily releasing a user's identity.
A resource provider may need to know only that the user attempting access is a student. By using a common set of attributes that describe users, the host institution can identify someone as a student without releasing a name or distinguishing ID characteristic.
Or, an educational resource may need to know that the student is in a specific biology class. Again, the university can pass along the proper attributes, identifying a user as both a student and a member of the appropriate class, without releasing specific identity information.
The Benefits of InCommon and Single Sign-on
InCommon Saves Time: When you join the federation and set up the trust fabric (policies and procedures), you need not do so again. When you want to affiliate with another service provider, this work is already done - you are using a standard format to exchange information.
IT professionals can focus on identifying and implementing the appropriate online resources to the campus, and establishing collaborative relationships, rather than worrying about authentication and account provisioning. Establishing a new relationship can take just a few minutes. InCommon also serves as a source for identifying online resources.
InCommon Saves Money: Your university no longer needs to manage accounts with each individual service provider. It's one and done - you set up the authentication framework just once. Since the federation manages the trust framework, your IT professionals no longer wrestle with multiple requirements from each resource provider. InCommon participation has can also decrease helpdesk overhead by reducing the number of passwords that users have to juggle, forget and reset.
InCommon Means User Convenience and Satisfaction: Single sign-on convenience - with university-assigned credentials as the cornerstone - eliminates the need for multiple IDs and passwords. When the university fine-tunes the exchange of attributes with a service provider, users can also have the benefit of personalized web content.
InCommon Means Security: The university controls user privacy and safeguards user information by exchanging attributes, rather than having service providers load your user information into their databases. The home institution continues to control the release of information. Data spills become less and less common.
Available Resources: InCommon participants include companies (and other universities) that provide services for the library, registrar, career center, training and human resources, course management and student discounts. See a complete list at www.incommonfederation.org.
Why Not Join InCommon? With an upfront investment of resources - both time and funds - you can enhance services to your customers, reduce the account provisioning load on your staff, and make it a snap to add online services to your campus.
Contact InCommon
John Krienke, operations manager * jcwk@internet2.edu * (734) 913-4250 * www.incommonfederation.org