While a federation might sound like something out of Star Trek, it’s actually the next big step in identity management.
“I think where the real action is today is federation,” says Rodney J. Petersen, managing director of the Washington office and senior government relations officer for Educause. “That is not just allowing students and staff into a single system, but allowing them to log in to a different system or a government system.”
Federation can ease the burden on community college students who might take classes at multiple institutions. “The process of proving their ID over and over shouldn’t be necessary if it’s been done once.”
However, having a solid IdM system in place is necessary before an institution can join a federation, he cautions.
In the United States, federation for higher education is handled by InCommon, which was created by Internet2. “Its reason for being is to provide ‘trust services’ for higher ed,” explains Bill Thompson, principal architect for identity access management at Unicon, an InCommon-affiliated service provider. “It’s about tackling the end-to-end problem about federation.” Members are preconfigured to quickly and easily access resources offered by other members.
Federation is being driven by the uptake in cloud computing and SaaS, explains Thompson. There are “scaling problems” with all the one-to-one relationships required by SaaS. By contrast, a federation allows a one-to-many relationship, which makes access to resources more efficient and secure.
“To date, it’s been mostly large R1 schools, but it’s starting to get more important,” he says.
A benefit of federation is that cloud providers don’t have to store identity data. “They just know that I’m a student and should have access,” says Petersen. “They don’t have my personal information.”
He says Educause joined InCommon to allow members to log in to the Educause website with their existing campus credentials. “Before that, everyone needed to set up an Educause profile and get an ID and password. But now, if their campus is a member, they just use their campus ID.”
And isn’t having just one ID the ultimate goal?