1

The Partnership Challenge

• Higher education’s missions are realized in increasingly global, collaborative, online relationships– Higher educations’ digital collections, data, and

resources– External services and resource partners

• How many relationships do you manage?• How much time is spent on the differing, one-

off requirements for each partner?• How much risk do these one-off

implementations bring to your network, to the control of private data?

2

The Partnership SolutionWouldn’t it be great if we could:• developed and implemented solutions that efficiently

use our existing information infrastructures securely and safely

• InCommon economizes the time and resources that otherwise would be spent on the differing “one off” requirements for each individual partner deal with each partner in the same way; saving time and reducing risk

• InCommon maximizes security and privacy of personally identifiable/sensitive information

• richer, easier to use, safer online experience for Penn State students, faculty, and staff.”

• securely and safely in such a way that we maintain control over the release of personal information for people

• This is what federations are created to do

3

Identity Management Federationsaka

Access Management Federations

• A definition of Federation: A collaboration of independent entities that give up a certain degree of autonomy to a central authority in pursuit of a common set of goals.

• Identity Management Federations set common policies, technical interoperability criteria, and provide central services to establish and maintain trust (Central Authority)

• Identity Management Federations enable scalable, trustworthy, secure online partnerships (Common Goals)

4

Attributes: Anonymous ID, Staff, Student, …

Online Resource

Federated Access in 30 seconds

Home Institution

Metadata, certificates, common attributes & meaning, federation registration authority, Shibboleth, pinch of magic

4. If attributes are acceptable, access is granted!

3. Authorization: Privacy-preserving exchange of agreed upon attributes

2. Federation-based Trust exchange to verify partners and locations

1. Authentication: Single-Sign-On to existing Home Institution

5

The Value of InCommonBroadly Put

• Identity Providers (Home Institutions) control user accounts and the release of personal information

• Online services get to focus maintaining online resources – and standards-based access controls to them – and not on user account management

• Partners can quickly and securely deploy new collaborations and service relationships

6

The Value of InCommonFinely Put

• Governance by a Representative Steering Committee– Formulates policy and shared direction – Ensures services meet business needs with appropriate security levels and legal requirements– Establishes and communicate scalable operational standards and practices– Establishes a common set of attributes and definitions

• Legal Agreement– Basic Responsibilities, Official Signatory and Establishment of Trust, Conflict and Dispute

Resolution, Basic Protections

• Trust “Notary”– InCommon verifies the identity of organizations and their delegated officers;

• Trusted Metadata– InCommon verifies & aggregates security information for each participant’s servers, systems, and

support contacts

• Certificate Authority– InCommon issues server certificates to Participants for secure communications

• Standards for Policies and Practices– How high is the bar? Right now, each Participant decides. Participants self-declare their practices to

other Participants

• Technical Interoperability (Technical Advisory Committee)– InCommon defines shared attributes, standards (SAML), software (Shibboleth)

7

Internet2Internet2

InCommon Governance

FederationOperator

&Business Office

FederationOperator

&Business Office

TechnicalAdvisory

Committee

TechnicalAdvisory

Committee

NominationsCommittee

NominationsCommittee

Steering CommitteeRepresentative

of Higher Ed & its Partners

Steering CommitteeRepresentative

of Higher Ed & its Partners

Directio

nD

irection

Directio

nD

irection

CandidateApprovals

AdviceAdvice

8

45 Current InCommon Participants• Case Western Reserve University• Clemson University• Cornell University• Dartmouth• Duke University• Florida State University• Georgetown University• Indiana University• Miami University• Michigan State University• New York University• Ohio University• Penn State University• Stanford University• Stony Brook University• SUNY Buffalo• Texas A&M University• The Ohio State University• The University of Chicago• The Johns Hopkins University• University of Alabama at Birmingham• Uniuversity of California, Davis• University of California, Irvine• University of California, Los Angeles• University of California, Merced• University of California, Office of the President• University of California, Riverside• University of California, San Diego• University of Maryland• University of Maryland Baltimore County• University of Maryland, Baltimore• University of Rochester• University of Southern California• University of Virginia• University of Washington• University of Wisconsin - Madison

• Cdigix• EBSCO Publishing• Elsevier ScienceDirect• Houston Academy of Medicine - Texas Medical Center

Library• Internet2• JSTOR• Napster, LLC• OCLC• OhioLink - The Ohio Library & Information Network• ProtectNetwork• RefWorks, LLC• Symplicity Corporation• Thomson Learning, Inc.• Turnitin• WebAssign

NEXT?• U.S. eAuthentication Federation and Agencies:

– NSF (FastLane, …)– NIH (Grants Administration, …)– Dept. of Education (Student Financial Aid, …)

• Federations within the InCommon Federation– University Systems– Coalitions of Universities organized around Networks,

Grids, others…

Higher Education (36) Sponsored Partners (15)