InCommon

InCommon
Name	InCommon
Type	Consortium
Founded	2004
Headquarters	United States

InCommon

InCommon is a U.S.-based trust federation that provides identity, authentication, and authorization services for research and higher education institutions. It operates a metadata federation and a certificate service that enable federated single sign-on across a wide array of National Institutes of Health, National Science Foundation, Department of Energy, National Aeronautics and Space Administration, and Library of Congress–affiliated resources. InCommon works with universities, colleges, research laboratories, cultural institutions, and technology providers such as Internet2, Educause, Google, Microsoft, and ORCID to streamline access to digital resources used by scholars, students, and staff.

Overview

InCommon provides a trust fabric that links identity providers at institutions like Harvard University, Stanford University, Massachusetts Institute of Technology, and University of California, Berkeley with service providers including Elsevier, Springer Nature, JSTOR, Clarivate, and ProQuest. Its portfolio includes the InCommon Federation metadata, the InCommon Certificate Service, and attribute and assurance profiles that align with standards from OASIS, Internet Engineering Task Force, Shibboleth, and SAML 2.0. Major collaborative stakeholders in the federation model include consortia such as Big Ten Academic Alliance, research infrastructures like CERN, and national initiatives exemplified by HathiTrust and Digital Public Library of America.

History

The federation emerged amid early-2000s efforts to scale federated identity across higher education, paralleling work at SURFnet, GÉANT, and UK Access Management Federation. Initial pilots involved technology from Shibboleth Project and standards bodies including Liberty Alliance and OASIS. Over time, the program partnered with Internet2 and Educause to expand enrollment beyond flagship research universities to community colleges, regional public universities, museums such as Smithsonian Institution, and national labs like Los Alamos National Laboratory. Policy developments were influenced by initiatives from National Science Foundation programs and by compliance regimes arising from legislation such as the Health Insurance Portability and Accountability Act and standards promulgated by NIST.

Services and Infrastructure

Core services include a metadata aggregation and distribution system enabling SAML-based single sign-on for services like Canvas (learning management system), Blackboard Inc., Zoom Video Communications, and cloud services offered by Amazon Web Services, Microsoft Azure, and Google Cloud Platform. The InCommon Certificate Service supplies TLS/SSL certificates used by institutional web services and research data repositories hosted by organizations such as Figshare and Zenodo. The federation supports attribute release and attribute bundles aligned with community profiles like RFC 6749 and technical implementations of EduGAIN inter-federation. Operational tooling integrates with identity stacks including Shibboleth IdP, SimpleSAMLphp, OpenLDAP, and Active Directory Federation Services.

Governance and Membership

Governance is administered through membership and advisory structures that include university CIOs from institutions such as University of Michigan and Columbia University, representatives from national consortia like ACRL, and vendor partners including Oracle Corporation, IBM, and VMware. Membership tiers accommodate research universities, liberal arts colleges including Amherst College and Williams College, and cultural institutions like The Metropolitan Museum of Art. Policy decisions have been informed by working groups composed of identity federations, privacy advocates, and legal counsel with expertise drawn from organizations such as ACM and IEEE. Fee structures and participation agreements mirror models used by Internet2 and accommodate regional federations modeled after Australian Access Federation and Federation of Australian Universities (FAU).

Security and Trust Frameworks

InCommon operates within security frameworks that reference guidance from NIST, Center for Internet Security, and international standards like ISO/IEC 27001. Assurance profiles and identity vetting processes enable higher trust levels for use cases involving sensitive data shared among institutions including Johns Hopkins University and Cleveland Clinic. Incident response and breach coordination draw on playbooks practiced by security teams at Stanford Medicine and University of Oxford information security offices. The federation’s certificate lifecycle management and metadata validation incorporate cryptographic standards popularized by Internet Engineering Task Force specifications and tooling akin to projects from Let's Encrypt and OpenSSL.

Adoption and Impact

Adoption spans hundreds of higher education institutions, national laboratories, libraries, and publishers; notable adopters range from Princeton University and Yale University to National Gallery of Art and SAGE Publications. The federation has reduced duplicate account management and improved cross-institutional collaboration for projects funded by National Science Foundation, National Institutes of Health, and Defense Advanced Research Projects Agency. It has facilitated federated access to virtual research environments, data grids such as XSEDE, and collaborative platforms including GitHub and JupyterHub. Policy and technical work from the federation has influenced regional federations in Europe, Australia, and Canada, and has been cited in reports by Scholarly Publishing and Academic Resources Coalition and Association of Research Libraries.

Category:Federations Category:Identity management