InCommon Policies and Practices
The documents listed below comprise the polices and practices under which the InCommon Federation and Participants operate. These documents should be reviewed prior to submitting an application. For eligibility questions, please refer to the join InCommon page. Documents are listed in the recommended order of reading. Policies and practices for InCommon are overseen by the InCommon Steering Committee.
- Participation Agreement (review copy)
- Fee Schedule
- Participant Operational Practices [Word] [PDF]
Each participant's POP outlines its Identity Management and/or Service system(s). Service Providers will use the POP to determine their level of trust for assertions from each participant. Identity Providers will evaluate each Service's privacy policies and attribute collection and use policies. Participant POP statements must be publicly posted on a website. The URLs for participant POPs are available to all Administrators via the secure adminstrative interface.
- Federation Operating Policies and Practices [PDF]
This FOPP describes the activities and systems of the InCommon Federation. A paper on further risk assessment is also available.
- Changing Your Site Administrator or InCommon Executive
When you change your executive contact for InCommon, we need information in writing (this can be emailed). Here is a template for a letter [Word], which must be on your institution's letterhead.
- InCommon Assurance Profiles
InCommon is moving toward additional assurance profiles (including Silver), which will meet requirements for SPs with applications needing higher security, additional identity proofing, or other such needs.
- InCommon Attributes
InCommon supports eduPerson attributes. For more information, see the InCommon attribute overview page, as well as a summary of the attributes InCommon supports (at a minimum).
- Metadata Registration Practices
InCommon maintains a registry of organizationally valid SAML metadata. Entity metadata is aggregated, vetted, signed, and published periodically at well-known HTTP locations.
- InCommon LLC Limited Liability Company Agreement [PDF]
InCommon is a Delaware limited liability company, governed by a Steering Committee, and operated by Internet2.
- InCommon Steering Committee Bylaws [PDF]
Similar to a corporation’s bylaws, this document outlines the purpose, membership, and voting requirements of the InCommon Steering Committee. NOTE: This version is in draft only until final signatures are obtained.
Subscribers to InCommon email lists include individuals from InCommon participant organizations and InCommon affiliates.
List members discuss topics of community interest regarding InCommon services and related issues. InCommon will also, from time to time, provide service announcements and other information on email lists. List members may occasionally post announcements of interest to list subscribers, such as conferences, webinars, publications, job openings, and other resources related to identity management and trust services. Please keep these short with a link to more information.