Internet2

InCommon is operated by Internet2

InCommon

About            Participants            Join InCommon


Steward Program

Partnering for K-14: The InCommon Steward Program

The InCommon Trust Model and the Steward Program

Executive Summary: InCommon Steward Program

Steward Program FAQ

Steward Program Timeline

Resources (presentations)



InCommon Steward Program FAQ

What is the Steward Program?

The Steward Program provides a way for K-12 school districts and community colleges to participate in the InCommon Federation through their regional network provider. Under the program, the Steward joins InCommon, does the organizational vetting for the school district and community college constituents that it represents, and operates the identity management infrastructure for those constituents.

What is the benefit for the Steward?

The Steward can offer additional services and support to its K-12 and community college constituents by operating the identity and access management infrastructure for them. The Steward can leverage its existing relationship with its constituents, while also leveraging the InCommon Federation’s global identity expertise and technical and support infrastructure.

What is the benefit for the InCommon Federation?

The InCommon Federation technical and support infrastructure already exists. This allows the InCommon Federation to extend single sign-on, trust, and security benefits to K-12 and community colleges in a way that scales.

Doesn’t this significantly change the trust model of the InCommon Federation?

No. A Steward performs a portion of the onboarding function (organizational vetting and identity vetting of key individuals) under contract with InCommon, and also manages the trust registry information (e.g. metadata) for its Represented Constituents. Thus there is no material change to the trust model.

The Steward is contractually responsible for its Represented Constituents (RCs). The Steward signs the InCommon Participation Agreement and operates the IdPs and SPs for the RCs, just as with any other InCommon Participant.

What is the status of the program?

InCommon and MCNC, the North Carolina regional network provider, have completed a proof of concept (end date June 2017) to test assumptions. InCommon outsourced some of the onboarding responsibilities to MCNC, and MCNC worked with a handful of K-14 organizations, operating identity providers and managing the trust registry for them.

InCommon and MCNC launched the proof of concept in November 2016 and it ran through June 2017. In particular, the organizations were looking to determine:

  • Benefits to Stewards and Represented Constituents
  • Impacts of outsourcing of InCommon's onboarding functions
  • Impacts of increasing K-12 participation in InCommon
  • Operational issues
  • Resource requirements for InCommon and MCNC

How will this program affect the size of the trust registry (metadata aggregate) given the size of the K-14 community?

During the proof of concept, we saw the impact to the aggregate size to be minimal. The next steps may include a controlled plan for growth. In parallel, InCommon staff and the community are working on alternate and more scalable ways to deliver the trust registry. This work is underway under the auspices of the InCommon Technical Advisory Committee.

What is a Represented Constituent?

A Represented Constituent is an organization that receives federation services through a Steward. Therefore, the Represented Constituent is not an InCommon Participant.

Copyright 2004-2017 InCommon LLC. All rights reserved. admin@incommon.org. InCommon is operated by Internet2.