Federated Identity Management Cookbook: New Community Resource Offers Primer, Time-Tested Recipes for IdM



By Amber Rasche - Senior Communications Specialist, Internet2

Erik Scott and Josh Drake

CI Compass and its Identity Management (IdM) Working Group recently published The Federated Identity Management Cookbook, a new resource that provides time-tested recipes for building IdM capabilities for research cyberinfrastructure. It also serves as a primer on IdM concepts, tools, and best practices for the broader research and education community – with the InCommon Federation as a key ingredient.

Erik Scott, leader of the CI Compass IdM Working Group and senior research software developer at RENCI, and Josh Drake, senior security analyst at the Indiana University CACR who also works with Trusted CI, co-authored the cookbook. Both Scott and Drake have also participated in the InCommon Community Architecture Committee for Trust and Identity (CACTI).

“The cookbook started as our own internal reference material to identity and access management (IAM) tools and resources that were tailored to the needs of researchers. There was all this material out there, but it wasn’t obvious to the research cyberinfrastructure operators we were working with where it could be found or how it could be implemented,” Josh Drake said. “So we started a collaborative learning call and created a reference library of IAM resources for the research and higher ed community. We were able to use this collected knowledge to work with NSF Major Facilities to prototype solutions to identity management issues. The final cookbook is the result of over two years of monthly working group meetings, deep engagement with research facilities, and our own co-learning efforts.”

The portion of the publication devoted to identity management tools and service providers includes a section on Building with the Internet2 InCommon Stack. That section covers the InCommon Federation along with Shibboleth, COmanage, and Grouper, three of the software components in the InCommon Trusted Access Platform.

“We wrote the cookbook to be a resource for NSF Major Facilities, but we’re excited by the broader audience that it is reaching,” Erik Scott added. “The InCommon Federation has a huge wingspan in the research and education world, owing in part to its origins in Internet2, and this reach makes it important to the Major Facilities.”

Community Input Sought for a Living Document

The cookbook was developed with input from CI Compass, Trusted CI, the NSF Major Facilities, and the broader community, including members and representatives of the InCommon Federation. It is a living document that will evolve to reflect changing needs, regulations, technologies, tools, and programs to serve as a standing guide on identity management.

“Work has already started on the next revision and expansion,” Scott explained. “We’re grateful for all the help, questions, and comments that we’ve gotten from the research and education community as well as specifically from the NSF Major Facilities. We want to make this guide as valuable as we can, and to do that we need feedback from a wide range of audiences. We would love for you to contact us or CI Compass with questions and suggestions.”

Access The Federated Identity Management Cookbook


This work was supported by the National Science Foundation (NSF) Grant #2127548: CI Compass: An NSF Cyberinfrastructure (CI) Center of Excellence for Navigating the Major Facilities Data Lifecycle and NSF Grant #1920430: Trusted CI, the NSF Cybersecurity Center of Excellence.