InCommon Policies and Practices
The documents listed below comprise the policies and practices under which the InCommon Federation and Participants operate. These documents should be reviewed prior to submitting an application. For eligibility questions, please refer to the join InCommon page. Documents are listed in the recommended order of reading. Policies and practices for InCommon are overseen by the InCommon Steering Committee.
- Participation Agreement (review copy)
- Federation Operating Policies and Practices [PDF]
This FOPP describes the activities and systems of the InCommon Federation. A paper on further risk assessment is also available.
- Fee Schedule
- Trusted Relationships for Access Management: The InCommon Model
This document is a high-level introduction to the model for trusted relationships within the InCommon Federation. It is intended for executives and business managers with responsibility for the policy, legal, and technical aspects of identity and access management at their institutions.
- Baseline Expectations for Trust in Federation
Baseline Expectations: Community Dispute Resolution Process
The InCommon community has adopted Baseline Expectations for Trust in Federation to improve trust and interoperability throughout the Federation. The document "Baseline Expectations for Trust in Federation" details the expectations and the community consensus process. The "Community Dispute Resolution Process" includes the process by which the community will resolve disputes among participants and between a participant and InCommon Operations.
- Participant Operational Practices [Word] [PDF]
Each participant's POP outlines its Identity Management and/or Service system(s). Service Providers will use the POP to determine their level of trust for assertions from each participant. Identity Providers will evaluate each Service's privacy policies and attribute collection and use policies. Participant POP statements must be publicly posted on a website. The URLs for participant POPs are available to all Administrators via the secure administrative interface.
- Changing Your Site Administrator or InCommon Executive
When you change your executive contact for InCommon, we need information in writing (this can be emailed). Here is a template for a letter [Word], which must be on your institution's letterhead.
- InCommon Assurance Profiles
InCommon is moving toward additional assurance profiles (including Silver), which will meet requirements for SPs with applications needing higher security, additional identity proofing, or other such needs.
- InCommon Attributes
InCommon supports eduPerson attributes. For more information, see the InCommon attribute overview page.
- Metadata Registration Practices
InCommon maintains a registry of organizationally valid SAML metadata. Entity metadata is aggregated, vetted, signed, and published periodically at well-known HTTP locations.
- Disaster Recovery
InCommon has a disaster recovery and business continuity plan that is available on an as-needed basis. Email firstname.lastname@example.org.
- InCommon LLC Limited Liability Company Agreement [PDF]
InCommon is a Delaware limited liability company, governed by a Steering Committee, and operated by Internet2.
- InCommon Steering Committee Bylaws [PDF]
Similar to a corporation’s bylaws, this document outlines the purpose, membership, and voting requirements of the InCommon Steering Committee.
- InCommon Futures Report (a 2009 strategic planning document) [PDF]
InCommon participates in eduGAIN, a service that interconnects identity federations worldwide. The eduGAIN constitution, policy framework, adn other information is available on the eduGAIN website.
Subscribers to InCommon email lists include individuals from InCommon participant organizations and InCommon affiliates.
List members discuss topics of community interest regarding InCommon services and related issues. InCommon will also, from time to time, provide service announcements and other information on email lists. List members may occasionally post announcements of interest to list subscribers, such as conferences, webinars, publications, job openings, and other resources related to identity management and trust services. Please keep these short with a link to more information.