LLMpediaThe first transparent, open encyclopedia generated by LLMs

InCommon Federation

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: CERN Open Data Hop 5
Expansion Funnel Raw 84 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted84
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
InCommon Federation
NameInCommon Federation
Formation2004
HeadquartersUnited States
Region servedResearch and education
MembershipHigher education institutions, research laboratories, service providers

InCommon Federation

InCommon Federation is a U.S.-based trust federation that provides identity, authentication, and authorization infrastructure for higher education, research, and affiliated service providers. It operates a metadata trust fabric and supports federated single sign-on across campus services, library resources, cloud platforms, and research collaborations. Members include universities, national laboratories, consortia, and commercial providers that interoperate using federated identity technologies.

Overview

InCommon Federation enables members to use federated identity protocols such as Security Assertion Markup Language and OpenID Connect to access services from providers like JSTOR, Elsevier, Google Workspace, Microsoft 365, and ORCID without institution-specific credentials being shared. The federation functions alongside regional and international federations including eduGAIN, REFEDS, SURFnet, and Federated Identity Management initiatives, and complements initiatives by Internet2, EDUCAUSE, National Science Foundation, and HathiTrust. It interoperates with identity provider software such as Shibboleth, SimpleSAMLphp, OpenAM, and Keycloak and with authorization and attribute frameworks used by XSEDE, CERN, National Institutes of Health, and consortia like CARLI and DuraSpace.

History and Development

InCommon Federation emerged in the early 2000s from interoperability work led by Internet2 and stakeholders including EDUCAUSE, The University of Chicago, University of Michigan, Stanford University, and Massachusetts Institute of Technology. Early adoption paralleled deployments of Shibboleth at institutions such as University of Southern California and collaborations with SURA and ACM. The federation formalized metadata exchange, trust anchors, and operational policies during the mid-2000s, influenced by standards from OASIS, IETF, and recommendations by NIST. Over time, InCommon incorporated work from projects associated with NSF grants, vendor engagements with Oracle Corporation and ForgeRock, and community governance models inspired by consortia like TERENA and GÉANT.

Governance and Membership

Governance is structured through stakeholder bodies similar to models used by Internet2 and EDUCAUSE, with participation from institutional members such as Harvard University, Princeton University, University of California, Berkeley, and Columbia University, and from service providers including Elsevier, Wiley, and cloud vendors like Amazon Web Services and Google. Membership tiers and policy frameworks draw on precedents from REFEDS and community agreements like the Research and Education Networking Association. Committees oversee policy, technical operations, and assurance programs, interacting with legal entities such as The Association of American Universities and funding agencies including Department of Energy and Department of Defense for certain research collaborations.

Technical Architecture and Standards

The federation’s technical stack centers on Security Assertion Markup Language for attribute assertions, with growing support for OpenID Connect and OAuth 2.0 for API access and modern web applications. Metadata aggregation and distribution echo practices used by eduGAIN and rely on protocols and specifications from OASIS and IETF working groups. Attribute schemas and entity categories reflect guidance from REFEDS and the Research and Scholarship Entity Category; deployment tools include metadata registries, certificate management leveraging X.509 and services similar to Let’s Encrypt, and monitoring integrated with Prometheus-style telemetry and Nagios-like alerting. Interoperability testing and conformance draw on testbeds used by CERN and GÉANT.

Services and Use Cases

InCommon supports single sign-on to library systems like Ex Libris and EBSCO, learning platforms such as Canvas, Moodle, and Blackboard Learn, collaboration tools including Zoom and Slack, and research services like GitHub and Figshare. It enables access management for national research infrastructures such as OLCF, Argonne National Laboratory, and Lawrence Berkeley National Laboratory, and supports cross-institution workflows for initiatives like Human Connectome Project and LIGO Scientific Collaboration. Use cases include campus identity federation, interlibrary loan access, federated cloud brokerage, and federated access for virtual research environments used by projects like XSEDE and Open Science Grid.

Security, Privacy, and Trust Framework

The federation enforces trust through metadata signatures, certificate lifecycles using X.509 profiles, and assurance frameworks inspired by REFEDS assurance profiles and national guidance from NIST. Privacy practices address attribute minimization and data handling consistent with regulations such as Health Insurance Portability and Accountability Act for certain health-related research and with institutional review frameworks used by Institutional Review Board processes at universities. Incident response coordination often parallels structures used by CERT Coordination Center and FIRST and involves disclosure practices familiar to US-CERT and sector-specific stakeholders.

Impact and Adoption in Research and Education Networks

InCommon has materially influenced federated identity adoption across U.S. campuses and in international collaborations with eduGAIN, enabling scalable access to resources consumed by communities served by Library of Congress, National Institutes of Health, and major research centers including Brookhaven National Laboratory and SLAC National Accelerator Laboratory. Its models have informed identity federations in regions managed by GÉANT, AARNet, and SURFnet, and have been cited in interoperability roadmaps by agencies like European Commission research programs and National Science Foundation initiatives. The federation’s operational practices and assurance profiles continue to shape how universities, publishers, cloud providers, and research infrastructures interoperate at scale.

Category:Identity management Category:Higher education organizations Category:Research infrastructure