InCommon Federation Basics

InCommon serves the U.S. education and research communities, supporting a common framework for trusted shared management of access to online resources. Through InCommon, Identity Providers can give their users single sign-on convenience and privacy protection, while online Service Providers control access to their protected resources.

A federation, through its trust agreements and federating software, allows identity providers to manage user privacy and information exchange. Service providers no longer need to provision identity accounts, instead leveraging the identity provider’s identity system.

InCommon enables production-level end-user access to a wide variety of protected resources using standards-based, SAML-compliant single sign-on and federating software, such as Shibboleth®.

How InCommon Works


InCommon's value is based on federated identity management

A user clicks on a Service Provider’s resource. Using federating single sign-on software, the user is authenticated by his or her Identity Provider, which releases only enough identity data to allow the Service Provider to make an access decision.

The Service Provider uses the minimum identity information necessary to control access to the resource.

InCommon participants could spend time establishing operating principles, technology hooks, and agreed-upon data exchange elements with each partner; or they could do it once through InCommon and then leverage these common elements for many relationships.

Need Help?

Do limits on time, resources, or expertise have you stymied? Several companies provide consulting or turn-key solutions for identity management, federated IdM, or both. Our Internet2 Industry Program Trust and Identity Providers support the federation and have expertise and solutions that you may find valuable.

Additional background information

InCommon Case Studies

Return on Investment: The Swedish virtual organization SWAMI (Swedish Alliance for Middleware Infrastructure) has demonstrated how federated identity management can lower the costs of identity proofing [PDF]. In addition to the write-up, SWAMI has provided a spreadsheet used to determine the per-student cost [XLS] of identity proofing.

Ready the Pipes: A Campus Technology report on why now is the time to get your identity management infrastructure in place - and federating is a key part of that strategy.