Identity federation getting dose of reality from Internet2 affiliate

Identity hub allows universities to share resources securely.

October 12, 2006 05:30 PM ET - InCommon Federation, an identity hub that helps universities securely share resources, brought more schools and service providers to its fold this week and further strengthened its message that sharing identity is essential to securing distributed networks.

The federation, which serves as the trusted facilitator and policy setter for identity exchanges among universities and service providers, added 10 universities, four service providers and an independent identity provider to its hub. It now has 35 members in its federation, which is a model for Internet2 technologies.

It is also a model to justify the benefits of identity federation, where two or more organizations establish trust between their identity systems so users authenticated by one company can access resources on the network of another company.

Federation is often seen as a futuristic technology in the broad area of identity management, but InCommon is proving today that federation can secure information access among partners while ensuring the privacy of individual users.

“Federation is something that has been envisioned by those with a long scope to the future as to how networking is going to operate in an information and knowledge based world,” says Tracy Mitrano, director of IT policy at Cornell University and the chair of the InCommon Steering Committee. “As we move to that world, we are seeing the value of real federations among universities, information providers and service providers.”

And, she says, it is happening on a global scale.

“There is no question that higher education is already participating in a flat world, so to speak, and federation makes that possible.”

The InCommon Federation uses the Shibboleth identity federation architecture as the basis for controlling access to the resources maintained by members. Shibboleth is based on the Security Assertion Markup Language (SAML) and is a foundation technology for Internet2’s Abilene Network. The architecture also lets universities and individuals set privacy policies to control what type of user information can be released to each destination.

The Internet2 consortium, which is made up of 208 universities, has developed the Abilene Network for education and high-speed data transfers.

Those transfers are being secured through InCommon’s framework, which requires participants to share with each other authoritative and accurate identity information and information about their identity management system.

InCommon is not a hub that routes network traffic but instead shapes policy for joining identity management systems. InCommon members communicate directly with one another over the Internet and Abilene Network.

Based on disclosures made through InCommon, members of the federation decide if they “trust” one another’s identity management systems and if they want to federate those systems so they can exchange SAML assertions to validate user authentication and provide authorization to access network resources. InCommon does not dictate a minimum set of requirements each participant’s identity system must include.
