Blog

During April 2017, InCommon and MCNC focused on the Internet2 Global Summit to discuss the status of the Steward Program with other regional networks, and their potential interest in participating. Ann West and Mark Johnson used a short slide deck for these discussions.

MCNC is also discussing next steps with potential service providers for K-14 that have signed Memoranda of Understanding to provide their services to MCNC’s Represented Constituents. In addition, MCNC continues to develop documentation for its processes, including what it means to ensure operational control of its Represented Constituents’ IdPs and SPs under the InCommon Steward Agreement.

With a six-month update on the proof of concept due June 30, MCNC and InCommon have developed an outline for a status report of successes and challenges, with recommendations on next steps for the program.

During March 2017 the InCommon Steward Program focused on engaging with service providers of interest to K-14. MCNC now has letters of intent (in the form of Memoranda of Understanding) from four service providers:

• The North American Network of Science Labs Online

• Pisgah Astronomical Research Institute

• NJEDge, for the Illumira service (formerly NJVid)

• Merit, for Merit Commons


Discussions are underway with another four service providers. In addition, four additional K-14 organizations are in the pipeline to join the Steward Program as Represented Constituents (there are already three K-14 organizations in the fold).

On the operational side, MCNC and InCommon are refining their documentation to smooth the process of onboarding new Represented Constituents.

InCommon and MCNC are developing goals for April and May, including creation of an “elevator talk” for discussions with other regionals potentially interested in the Steward Program, and starting to draft a final report on the proof of concept, which is scheduled to conclude at the end of June.

Background

In November 2016, MCNC, the non-profit operator of the North Carolina Research and Education Network (NCREN), introduced a first-in-the-nation, proof of concept to extend InCommon Federated Identity Management (FIM) technologies beyond universities. Under this Steward Program, K-12 schools and community colleges in North Carolina would have the ability to use secure local credentials to safely access a wide array of online educational resources. MCNC acts as the Steward for North Carolina institutions in the program, managing and supporting organizational trust to facilitate participation in the national FIM system.

MCNC Onboards Three Organizations into InCommon Steward Program

The InCommon Steward Program proof of concept is now well underway, with MCNC having registered three Identity Providers (IdPs) as Represented Constituents.

1. Davie County Schools in North Carolina signed an agreement with MCNC to become the first Represented Constituent (RC) under the Steward Program. Its IdP was registered on January 30, 2017.

2. Rockingham County Schools and Davidson County Community College became the second and third RCs under the Steward Program. Their IdPs were registered on March 7, 2017.


The proof of concept established three primary goals for February–March. We made considerable headway as two goals were met by mid-March. We continue our steady progress to meet or surpass these goals.

1. Secure two signed Memorandum of Understanding (MOU) documents for service providers (resource) to facilitate federated access for MCNC’s RCs. MCNC continues to pursue MOUs with several organizations.

2. Register an IdP for at least one institution with the ability to interoperate with some federated service.

   1. Davie County Schools, Rockingham County Schools, and Davidson County Community College became registered IdPs between January and early March.
3. Promote the success of the program utilizing MCNC’s and InCommon’s multiple communications channels. The following media releases were distributed in February and March.

   1. FIM: Three letters with infinite possibilities for NC education (+ video) (03.06.17)

   2. MCNC and Internet2 celebrate federated ID milestone with Davie County Schools (02.08.17)

   3. MCNC to extend trust, identity solutions to K-12, community colleges (11.07.16)


Background

In November 2016, MCNC, the non-profit operator of the North Carolina Research and Education Network (NCREN), introduced a first-in-the-nation, proof of concept to extend InCommon Federated Identity Management (FIM) technologies beyond universities. Under this Steward Program, K-12 schools and community colleges in North Carolina would have the ability to use secure local credentials to safely access a wide array of online educational resources. MCNC acts as the Steward for North Carolina institutions in the program, managing and supporting organizational trust to facilitate participation in the national FIM system.

The ground didn't shake and buildings didn't sway, but a step was taken the morning of January 30th that could well prove to be a seismic shift for InCommon, its participants, and K-14 education in the United States.

MCNC, owner and operator of the North Carolina Research and Education Network (NCREN), registered the first K-14 Represented Constituent (RC) under the InCommon Steward Program. The Steward Program allows a regional network provider like MCNC to manage the business relationship and the identity provider for the school district or community college (which are known in this model as "Represented Constituents").

For MCNC, this is a way to combine the growing use of cloud services by K-12 schools and community colleges, with the security and convenience of single sign-on offered by federated identities. Teachers, staff, and students can use their school credentials to sign in to various resources, including cloud and other external services, and not have to create a login with each service. This has many advantages, including convenience for individuals, lower support costs for MCNC and the K-12 district or community college, and much easier integration with new services.

Single sign-on is particularly attractive for school districts that have "Early College" and "Middle College" programs with nearby community colleges. Colleges and universities that collaborate with K-12 school districts, or perhaps have a K-12 component to an NSF grant, will find it easier for their colleagues to gain access to collaboration tools and services.

Monday morning, Jan. 30, MCNC onboarded Davie County Schools in North Carolina, which became the first Represented Constituent to appear in the InCommon trust registry and the first entity onboarded and vetted by a Steward. For efficiency, Stewards assume some of InCommon’s onboarding responsibilities, as, in many cases, these K-14 institutions already have a business relationship with the regional network provider. Here’s a graphic that shows how Stewards and Represented Constituents align with Participants in the InCommon Federation.

This is the first step in a longer journey. The proof of concept will wrap up in June, when we will review the next step towards the ultimate goal of operating a production service. We hope other regional networks will also become interested in putting a toe in the water.

But, that’s in the future. Today we celebrate this milestone in U.S. federation history.

InCommon and MCNC are conducting a proof of concept of the InCommon Steward Program to test assumptions about benefits, challenges and costs of the program. The InCommon Federation, operated by Internet2, provides the research and education identity trust network in the U.S. MCNC is North Carolina’s regional network provider for research and education.

InCommon’s Steward Program is intended to extend the benefits of federation to K-12 schools and community colleges (collectively called Represented Constituents or RCs). In short, the Steward joins InCommon (if not already a participant), enrolls K-12 districts and community colleges in its region, and manages the technical and business aspects of participating in the InCommon Federation. InCommon provides the operational and technical infrastructure.

In June, we will summarize the results of the proof of concept and report back to the community with next steps for the program. We will also provide brief monthly updates during the proof of concept. This is the first of those updates.

During the past month, we have accomplished the following:

• MCNC has signed the Steward Addendum to the InCommon Participation Agreement. The Addendum defines requirements and the working relationship between InCommon and its Stewards.

• InCommon and MCNC conducted a three-day training workshop covering the requirements for onboarding Represented Constituents and vetting metadata for their Identity Providers and Service Providers. Workshop attendees also discussed how MCNC and InCommon will collaborate and share information, as well as other topics related to launching the proof of concept.

• MCNC has created a Memorandum of Understanding (MoU) for its candidate RCs to sign. The MoU addresses the relationship between MCNC and its RCs (and mirrors the InCommon Participant Agreement in content), as well as appropriate use of the federation.

• MCNC has created procedures for onboarding its RCs, as well as for vetting of Identity Provider and Service Provider metadata submitted on behalf of its RCs.

• InCommon has reviewed and accepted MCNC’s MoU and procedures, a requirement of the Steward Addendum.

• InCommon is currently creating MCNC as a Steward in InCommon’s Federation Manager system, enabling them to review and approve metadata submissions for RCs.

• MCNC has signed an MoU with its first RC and will soon register the RC’s IdP.

David Walker