Posted by Cameron Evans
National and Chief Technology Officer, U.S. Education
At EDUCOMM 2010, identity was one of the most tweeted topics during the panel session when I remarked, “…it’s easier for me to enter a foreign country than it is to log into a university network!” I took the laughter as both agreement and the stark reality of managing identity in higher education. As of last week, Microsoft is now an InCommon Affiliate, which means that institutions can get community support to implement federated identity networks more quickly and cost-effectively, so students and faculty won’t need multiple credentials to collaborate and be productive between schools and universities. InCommon is part of Internet2 and is dedicated to creating and supporting a common framework for trustworthy shared access to online materials in support of education and research in the United States.
Federated Identity is not single sign-on. I like the analogy that the United States is a federation of states. We share common infrastructure across all of the states in order to facilitate commerce and our lives. But what if you couldn’t use that common infrastructure to access another state unless you were first given permission from that state? What would happen to the productivity of our nation if we were confined to only doing business within each state’s borders with each state’s local resources? For most colleges and universities today, that analogy provides a picture of their campus network and the lingering limitations on collegial collaboration and productivity.
In the U.S., tokens of our identity are issued and certified by our state and federal government. For me, my driver’s license or passport represents a token of my identity. I only need one driver’s license, issued by the State of Texas, to drive anywhere in the U.S. or abroad. With some exceptions, my passport, issued by the U.S. Department of State, is a sufficient certificate of identity to enter any foreign nation. What makes this system of identity effective is trust. My identity credentials supersede my own trustworthiness or reputation and give that validation of trust to my state or the U.S. government. This eliminates the need for multiple identities (documents or licenses) when I drive in the U.S. or abroad.
Federated identity is not the endgame. Neither Microsoft nor InCommon believes that. What we share excitement about are the new applications and experiences that identity can bring when trust can be efficiently distributed and effectively validated. Again, I want to use the passport and driver’s license as models. When I cash a check (in the rare instances that I do), my state- or federal-issued identity validates my authority to do so. But wait, my driver’s license is only for me to operate a motor vehicle, right? Not when it is also a trusted indicator of my identity. When a system of trust can be established, we can create new applications that go beyond the original design (e.g., portable electronic student records, grants and loan applications, GI Bill verification, collaborative inter-university research).
This is a journey. While we have reached a major mile marker, Microsoft and the industry have work to do. Our ongoing investments in standards, interoperability, and support of the InCommon Federation will help make federated identity an enabler to forming a more perfect union of collaborative learning for our faculty and students.
You can read more about this topic and Microsoft’s work in education on my blog, Higher Innovation.