2009 EDUCAUSE Catalyst Award

Federated Identity Management Systems
recognizing innovations and initiatives centered on information technologies that provide groundbreaking solutions to major challenges in higher education, or change prevailing conditions in remarkable ways so as to allow new solutions to be deployed.

This year the Catalyst Award recognizes a complex, far-reaching web of initiatives that has had broad impact on higher education and its partners in less than a decade. Federated identity management systems in higher education and the research community emerged from the need for individual institutions to manage user and data security where the users and the systems they accessed were within the same network or domain. As the need arose for users to access external systems outside the control of the individual institution, and as external users needed to access systems under the control of the individual institution, the idea of passing just-in-time information about individuals to external services for access led to the evolution of identity management. Evolving identity management challenges, especially the challenges associated with cross-organizational, cross-domain issues, gave rise to the concept of extending organizational identity management systems, known as federated identity management.

"Federated" identity describes the technologies, standards, and use cases that serve to enable the portability of identity information across otherwise autonomous security domains. The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, without the need for completely redundant user administration. These services allow staff, students, and researchers to access online resources to which they are entitled, such as research data, online journals, virtual environments for information sharing, institutional repositories, online grant applications, grid resources, information feeds, information systems, and other resources.

Academic Origins: Pockets of Innovation

Identity management systems were conceived and developed among businesses and higher education institutions throughout the world. Federated identity management systems were the next logical step to address the enormous impact of the Internet and the need to access multiple systems. The research and education communities had requirements that weren't supported by the current methodologies developed for the corporate world. The need to preserve a user's privacy while enabling access, in particular, spurred the development of open-source software and work on standards. As a result, a federated approach was adopted by many countries as a basis for advancing their infrastructure to support 21st-century research, education, and collaboration.

Although many federal identity management organizations exist, we wish to identify several with this award to represent the field as a whole and acknowledge their work as representative of the many organizations that manage federated identity systems worldwide: the InCommon Federation and the Internet2 Middleware Initiative in the United States; JISC—the Joint Information Systems Committee in the United Kingdom; and the SWITCH Federation in Switzerland.

A Widening Spiral of Innovation, Competition, and Collaboration

The widespread adoption of federated identity management systems is evidence of the need for this technology to ensure the quality of authentication technologies and standards as well as convenience for end users. Researchers, staff, and students have all benefited.

The developers of these systems pulled together many strands of technology to create robust identity services that are critical for today's applications as well as advancing cloud computing. The vision for federated identity came from multiple areas and generated collaborative efforts worldwide, which resulted in a critical service for higher education and research. This is yet another manifestation of the convergence of opportunity and need and demonstrates how higher education institutions share and learn from each other to benefit the entire community.

Applying IT to Higher Education's Central Activity

With this year's Catalyst Award, we celebrate both an important innovation and our ability to recognize and implement a significant new capability that now touches many institutions of higher education. This award is an important recognition of the remarkable way that organizations have been able to employ federated identity to help manage the security of higher education's critical information.

Professional Development Professional Development Mentoring Information Kit Management and Leadership Offerings Conferences, Seminars, and Institutes Jane N. Ryland Fellowship Program EDUCAUSE Awards Higher Education IT Events Calendar Job Opportunities Volunteer Opportunities		2009 EDUCAUSE Catalyst Award Federated Identity Management Systems recognizing innovations and initiatives centered on information technologies that provide groundbreaking solutions to major challenges in higher education, or change prevailing conditions in remarkable ways so as to allow new solutions to be deployed. This year the Catalyst Award recognizes a complex, far-reaching web of initiatives that has had broad impact on higher education and its partners in less than a decade. Federated identity management systems in higher education and the research community emerged from the need for individual institutions to manage user and data security where the users and the systems they accessed were within the same network or domain. As the need arose for users to access external systems outside the control of the individual institution, and as external users needed to access systems under the control of the individual institution, the idea of passing just-in-time information about individuals to external services for access led to the evolution of identity management. Evolving identity management challenges, especially the challenges associated with cross-organizational, cross-domain issues, gave rise to the concept of extending organizational identity management systems, known as federated identity management. "Federated" identity describes the technologies, standards, and use cases that serve to enable the portability of identity information across otherwise autonomous security domains. The ultimate goal of identity federation is to enable users of one domain to securely access data or systems of another domain seamlessly, without the need for completely redundant user administration. These services allow staff, students, and researchers to access online resources to which they are entitled, such as research data, online journals, virtual environments for information sharing, institutional repositories, online grant applications, grid resources, information feeds, information systems, and other resources. Academic Origins: Pockets of Innovation Identity management systems were conceived and developed among businesses and higher education institutions throughout the world. Federated identity management systems were the next logical step to address the enormous impact of the Internet and the need to access multiple systems. The research and education communities had requirements that weren't supported by the current methodologies developed for the corporate world. The need to preserve a user's privacy while enabling access, in particular, spurred the development of open-source software and work on standards. As a result, a federated approach was adopted by many countries as a basis for advancing their infrastructure to support 21st-century research, education, and collaboration. Although many federal identity management organizations exist, we wish to identify several with this award to represent the field as a whole and acknowledge their work as representative of the many organizations that manage federated identity systems worldwide: the InCommon Federation and the Internet2 Middleware Initiative in the United States; JISC—the Joint Information Systems Committee in the United Kingdom; and the SWITCH Federation in Switzerland. A Widening Spiral of Innovation, Competition, and Collaboration The widespread adoption of federated identity management systems is evidence of the need for this technology to ensure the quality of authentication technologies and standards as well as convenience for end users. Researchers, staff, and students have all benefited. The developers of these systems pulled together many strands of technology to create robust identity services that are critical for today's applications as well as advancing cloud computing. The vision for federated identity came from multiple areas and generated collaborative efforts worldwide, which resulted in a critical service for higher education and research. This is yet another manifestation of the convergence of opportunity and need and demonstrates how higher education institutions share and learn from each other to benefit the entire community. Applying IT to Higher Education's Central Activity With this year's Catalyst Award, we celebrate both an important innovation and our ability to recognize and implement a significant new capability that now touches many institutions of higher education. This award is an important recognition of the remarkable way that organizations have been able to employ federated identity to help manage the security of higher education's critical information.
		© Copyright 1999-2009 EDUCAUSE Need Help? \| Feedback \| Privacy Policy
	Unless otherwise noted, EDUCAUSE holds the copyright on all materials published by the association, whether in print or electronic form. In certain cases the work remains the intellectual property of the individual author(s) (see Special Circumstances). Content from conference speeches, presentations, blogs, wikis and feeds reflect the opinions of the author, and not necessarily those of EDUCAUSE or its members.