Joining the InCommon Federation
Joining the InCommon Federation
1. Are you eligible?
Participation is open to:
- Higher education: two- and four-year degree-granting accredited institutions.
- Research organizations: Labs, facilities, or centers related to a particular federal research agency and listed on an official publicly available government listing. Not sure if you’re eligible? Send us a note!
- Sponsored partners: Business, education, and research organizations that partner with higher education. These organizations require a sponsor from one of the other categories – a very, very lightweight process.
2. Sign the agreement
In general, the Participation agreement lays out the responsibilities of each InCommon organization, such as:
- We all agree to use SAML (Security Assurance Markup Language) software
- We use the same format when exchanging identity information
- We ensure that information in the trust registry is accurate, including contact information
- We respect intellectual property rights and individual’s right to privacy when handling identity information
- The InCommon Federation wiki has detailed information about software, best practices, Baseline Expectations, and policy and technical specifications.
3. Support InCommon
InCommon participation fees support the InCommon Federation operations and improvements, as well as the InCommon Trusted Access Platform software that is a crucial part of the Federation and interoperating. Here’s the fee schedule.
Register your organization: We’ll send you a link.
Register your contacts: Use the registration link to appoint your key contacts: InCommon Executive and InCommon Site Administrator(s).
5. Identity Proofing
We’ll identity proof your Executive and Site Admin(s).
6. Get to work and operate!
Deploy Software: As noted above, your software needs to speak SAML in order to operate in the Federation. Many organizations (including 90 percent of those deploying Identity Providers) use Shibboleth as their federating and single sign-on software. Shibboleth is part of the InCommon Trusted Access Platform identity and access management suite. Our software is all containerized for simpler installation and configuration.
Register your services in the trust registry/metadata: The trust registry/metadata is the shared service directory where Identity Providers and Service Providers look up each other’s critical digital signing, connection and contact information. When your metadata is complete, you make interoperation much easier. You will no longer need to coordinate configuration changes with each connecting partner one at a time. Time spent now will pay you back over the lifetime of your Identity Provider and/or Service Provider. The InCommon Federation wiki has much more information about metadata.
Manage your stuff: Your site admin(s) can now access the Federation Manager for uploading your metadata. See more information on the wiki.
Getting more out of the Federation – One of the biggest strengths of the InCommon Federation is its community: passionate and knowledgeable peers who understand your issues and are eager to help. Become an active part of the community.