Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

InCommon Provides Platform for National Student Clearinghouse

Stanford, Clearinghouse Federate Student Self-Service Application

April 1, 2010

Download PDF

Solution Summary

The National Student Clearinghouse and Stanford University used InCommon to leverage their single sign-on services to improve security to the Clearinghouses' Student Self-Service. In addition, the existing time-consuming authentication mechanism was able to be replaced with a standards-based solution.


Products & Services

Community Resources

Since 1993, the National Student Clearinghouse ( has been a non-profit education partner to the nation’s colleges and universities, providing them with critical educational reporting, verification and research services.

Stanford University (, founded in 1891 and located between San Francisco and San Jose, is recognized as one of the world's leading research and teaching institutions.

The Problem

Since 2000, the Clearinghouse has provided colleges and universities with its free Web-based Student Self- Service application. The application provides many useful options for students, including printing enrollment verification certificates, ordering transcripts (if their school offers this option), viewing enrollment history and verifications provided by the Clearinghouse on behalf of the school, and other features.

Given the sensitive nature of this information, maintaining and improving security is of vital importance to the student, the Clearinghouse, and the college or university. The Clearinghouse originally developed a custom authentication mechanism, which requires work by the institution to integrate with existing authentication methods and portals.

Stanford was providing access to Student Self-Service through the Clearinghouse’s custom authentication mechanism, something officials agreed was time- consuming, and began searching for a better authentication model. “We wanted to replace that with a standard mechanism already in use at Stanford and at peer institutions,” said Bruce Vincent, chief IT architect and strategist at Stanford.

The Solution

Stanford favored using a federated approach, allowing the institution to leverage its membership in InCommon and use Shibboleth Single Sign-on and Federating software. This would permit Stanford to retain the role of the authentication authority, which provides security control and accountability.

The Clearinghouse was interested in a standards- based solution that improved security and did not involve creating a separate identity system. The Clearinghouse and Stanford saw that they could leverage their InCommon memberships to solve this problem.

As part of its overall focus on security, the Clearinghouse regularly seeks strategic partnerships with entities like the InCommon Federation, allowing for the delivery of services to participating institutions using the latest standards in information security.

“The growing popularity of single sign-on, and the emergence of InCommon as a new standard for authentication, represents a winning combination for institutions seeking alternate ways to access Clearinghouse services,” said Doug Falk, chief technology officer for the Clearinghouse.

“The InCommon platform enabled us to deploy a single sign-on option for Student Self-Service on a proven framework, which could easily be adopted later by other federation members that also participate in the Clearinghouse,” noted Falk.

Stanford also worked with other universities, through the InCommon Student Collaboration Group, to define the common attributes that would be used with the Clearinghouse for the Student Self-Service pilot. These attributes are used to securely and privately pass information between the identity system and the service provider application. With these attributes now defined, other universities can more easily federate with the Clearinghouse.

The Result

The Clearinghouse and Stanford successfully completed their pilot early in the summer of 2009, and students began accessing Student Self-Service with their Stanford credentials.

“We were able to leverage our existing Shibboleth instance, and our membership in InCommon, to replace the custom authentication mechanism,” according to Tom Black, Stanford’s registrar. “The stakeholders are happy that another custom authentication system has been replaced with one of our standard services, and the change was transparent to students.”