Internet2

InCommon is operated by Internet2

InCommon

About            Participants            Join InCommon

Federation

Join InCommon

Federation Manager Login

Resources for Site Admins

Password Reset

Changing Exec/Site Admin

InCommon Metadata

Recommended Practices

Technical Guide

Official Documents

Shibboleth Installation Workshops

Assurance

Case Studies

Federation Basics

InCommon Affiliates


News from the Federation



InCommon Federation Basics

InCommon serves the U.S. education and research communities, supporting a common framework for trusted shared management of access to on-line resources. Through InCommon, Identity Providers can give their users single sign-on convenience and privacy protection, while online Service Providers control access to their protected resources.

A federation, through its trust agreements and federating software, allows identity providers to manage user privacy and information exchange. Service providers no longer need to provision identity accounts, instead leveraging the identity provider’s identity system.

InCommon enables production-level end-user access to a wide variety of protected resources using standards-based, SAML-compliant single sign-on and federating software, such as Shibboleth®.

How InCommon Works

See a larger version of the graphic

InCommon's value is based on federated identity management

A user clicks on a Service Provider’s resource. Using federating single sign-on software, the user is authenticated by his or her Identity Provider, which releases only enough identity data to allow the Service Provider to make an access decision.

The Service Provider uses the minimum identity information necessary to control access to the resource.

InCommon participants could spend time establishing operating principles, technology hooks, and agreed-upon data exchange elements with each partner; or they could do it once through InCommon and then leverage these common elements for many relationships.

Need Help?

Do limits on time, resources, or expertise have you stymied? Several companies provide either consulting or turn-key solutions for either identity management or federated IdM, or both. InCommon Affiliates support the federation and have expertise and solutions that you may find valuable.

 

Additional background information

InCommon Case Studies

Return on Investment: The Swedish virtual organization SWAMI (Swedish Alliance for Middleware Infrastructure) has demonstrated how federated identity management can lower the costs of identity proofing [PDF]. In addition to the write-up, SWAMI has provided a spreadsheet used to determine the per-student cost [XLS] of identity proofing.

Ready the Pipes: A Campus Technology report on why now is the time to get your identity management infrastructure in place - and federating is a key part of that strategy.

Copyright 2004-2013 InCommon LLC. All rights reserved. info@incommon.org. InCommon is operated by Internet2.