Over the next five years,InCommon leads as the collective authority in devising creative, sustainable IAM best practices for research & education.

Through a four-step, repeatable process, InCommon will effectively engage the community to achieve its strategic objectives.

The InCommon community is aware of new threat actors, challenges presented by new technologies, emerging solutions, trending security protocols, which could include OpenID Connect, OAuth, and Zero Trust, as well as cybersecurity frameworks provided by the National Institute of Standards & Technology and the U.S. Department of Defense. The community is looking to InCommon to lead in integrating these protocols and innovations into InCommon’s central governance structure.

R&E institutions recognize that the needs of their audiences and stakeholders are evolving. We see examples of digitally-driven change all around us: institutions expanding their offerings to nontraditional students and lifelong learners seeking to take advantage of continuing education opportunities that are accessible outside of the classroom. This diversification of higher education’s audiences and their needs will require more fluid credentialing from IAM systems. Technologies such as passkeys, bring your own identity, and eWallets are at large.

The InCommon community noted a growing gap in knowledge and skills. This gap is fueled by increasing complexity in the field, difficulty for IAM departments to keep up with the evolving domain, and loss of legacy knowledge from events such as early retirement. Additionally, respondents from the consultations expressed that IAM system management and architecture require a particular skill set, and finding professionals who are willing to and capable of working in research & higher ed IT departments is challenging.

Today, organizations have a range of IAM services to choose from, between InCommon’s offerings and commercially available solutions. Many institutions benefit from a blend of commercial and InCommon service solutions. But in practice, blending services proves challenging. InCommon can better support community organizations that choose a combination of services by offering specific technical and strategic guidance that addresses the following challenges:

InCommon participants’ IT departments report difficulty around integrating and using InCommon tools and services, specifically murky implementation pathways and costs, lack of communication about current soware updates, elusive technical support, and little authority regarding next-generation security protocols.

On the other hand, when these IT leaders begin to consider using commercially available solutions, providers claim to address any IAM issue (regardless of domain or industry), eliminate integration challenges, and come with dedicated 24/7 support. While this is appealing, these solutions may not fit all the particular needs InCommon community organizations seek. Furthermore, IT leaders may even view the choice as a binary one (either a commercial solution or InCommon services) because the implementation pathways and costs to using a blend of services are unclear. With dedicated support and guidance here, InCommon can help IT leaders strike the right balance between commercial solutions and InCommon services.

The institutions consulted are focused on unifying, automating, and interoperating their IAM systems. Target improvements include creating integrated, seamless connections across platforms that achieve a sustainable multi-platform approach;  strategically engaging third parties; and achieving or maintaining automation within IAM systems to reduce manual processes needed to support InCommon Federation.

Take the needs of provisioning, deprovisioning, and managing user lifecycles and permissions. Today, practitioners and architects struggle to quickly assemble effective solutions and maintain them on their own. These constraints create technical debt and stretch IT departments beyond their means, leaving scant resourcing to keep up with rapidly changing compliance requirements. Additionally, the increasing variety of multifactor authentication standards between third party offerings makes it difficult for InCommon organizations to understand and comply with these standards. InCommon is positioned to align R&E towards common policy, functionality, and standards to improve interoperability across technology platforms and facilitate digital collaboration.