Subject Re: Input for InCommon's Steward Program
From David Walker <dwalker@xxxxxxxxxxxxx>
Date Mon, 9 Nov 2015 14:00:10 -0800

No problem, Niels.

These questions were mostly to see if anyone has issues related to Steward-registered entities that would affect future export to eduGAIN.  We have, though, hypothesized potential use cases for tagging of entities related to the inclusion of K-12 schools.  Community colleges are considered higher education here, so we haven't discussed additional tagging for them.

Here are the hypothetical cases for tagging that we've discussed.  We don't yet know if there's actually a need to address them:

  • Tag K-12 entities (and, I suppose, higher education, research organization, sponsored partner, etc.) for other entities that need to know.
  • Tag "COPPA Safe" SPs, if this is legally advisable for compliance with the US Children's Online Privacy Protection Act.

We've also discussed tagging an entity as having been registered by a Steward (K-12 or otherwise).  This would be needed if we feel that a federation that outsources some of its registration functions (rather than having employees perform them) should tag those outsource-registered entities.


On 11/09/2015 12:43 PM, Niels van Dijk wrote:
Hello David,

Sorry for not responding to your questions but asking one in return:
Do you have any use cases where you would need to "label" these K-12 schools and community colleges so Services would be able to distinguish between such entities and higher ed entities?

many thanks,

----- Original Message -----
From: "David Walker" <dwalker@xxxxxxxxxxxxx>
To: refeds@xxxxxxxxxx
Cc: "DWI2" <dwalker@xxxxxxxxxxxxx>
Sent: Monday, 9 November, 2015 21:04:12
Subject: [refeds] Input for InCommon's Steward Program

In order to address the scaling of effort required for onboarding and
metadata vetting for K-12 schools and community colleges, InCommon is
partnering with US regional R&E network providers to pilot a Steward
Program in which Stewards, InCommon Participants that meet certain
criteria and sign specific agreements, are authorized to do two things:

   1. Register IdPs and SPs that use domain names belonging to other
      organizations for scopes and end-points.  Those other organizations
      are called Represented Constituents.

       In order to do this, we require that the Steward be authorized
       to use its Represented Constituents' domain names as well as to
       verify that the Represented Constituents own those domain names
       in the same manner that InCommon verifies its full-fledged
       Participants' domain names.

   2. Perform vetting of metadata submissions on behalf of InCommon.

       Stewards will do this under contract to InCommon and will follow
       the same procedures for metadata vetting as InCommon itself does.

       Note that the primary use of this capability will be to vet its
       own submissions for its Represented Constituents (as InCommon is
       allowed to vet its own metadata submissions).  We will require
       that the same person cannot both submit and vet metadata.

       Do you have any concerns with InCommon contracting with other
       organizations to perform metadata verification?

       Would you be willing to interact with Steward-registered
       entities the same as other InCommon-registered entities?

Initially, only US regional R&E network providers may become Stewards,
and only K-12 and community college institutions may become Represented

InCommon would like to ask the larger community for its guidance related
to this change.  It's unlikely that entities registered via this model
will be exported to eduGAIN in the near future, but it is likely that
some will be exported or play a role in the larger R&E federation space
in the longer term.

David Walker