In today's environment, applying for college is a costly and cumbersome process for schools, students and their service providers. Applicants establish separate accounts for every service they consume and at nearly every institution they apply to creating a cumbersome and challenging approach but are rarely expected to prove their identity until after they have been accepted. Simultaneously, stakeholders incur significant costs in provisioning and support without reaping the rewards of identity assurance and are ultimately left with the challenge of accurately matching records to applicants.
Single sign-on (SSO) is a technology that provides users with a single set of credentials that can be used across various services because the services are in a trust relationship. Alone, SSO implementation for the application process would represent a significant advancement for all involved, however combined with the voluntary assignment of a unique identifier and vetting events already being performed, the validation of that applicant's identity is significantly increased. The CommIT project provides a scalable secure approach to matching electronic records for all college applicants and institutions and the creation of a unique electronic credential to:
- Resolve matching problems at the university level,
- Simplify the entire application process for students, parents, colleges and universities, and their external service providers, and
- Do away with the last remaining vestiges of dependency on the social security number.
A partnership of PESC and Internet2, the Common Identity and Trust Collaborative (CommIT) project was established to address these challenges utilizing the data standards expertise of the PESC community and the national reach of Internet2's InCommon federated identity solution. CommIT started with a one-year demonstration pilot project (Phase one) that invited several select university and vendor partners to join, leading to a larger product release in the summer of 2014. Participation in CommIT is voluntary, is currently limited to admissions in education, and involves international applicants (without storing nationality).
The initial goal of the CommIT Project is to support and enhance identity and trust as foundational services for higher education by addressing the challenges of the higher education admissions process. Through the creation of an identity store, a unique student identifier, an identity provider, and an ecosystem for "Digital Notaries", CommIT can bring identity verification and trust into the marketplace, and, when combined with corresponding policies and technologies, will protect user control and privacy. With CommIT, only the applicants themselves will initiate record aggregation and release, which enhances security and privacy by preventing third party access without student authorization.
As of 2016, the pilots have been successful and next steps are being considered.
What Is CommIT?
The Common Identity and Trust collaborative (CommIT) was formed to make it easier and safer for students to apply to college and for organizations like universities and testing agencies to support this simpler application process.
The CommIT project provides a person registry to store the minimum data required (and only the minimum data) to support user uniqueness and password resets. In essence, the CommIT project provides an enabling service for identity management and is not a central student/applicant data repository.
How do I know that CommIT is secure?
Who is developing the CommIT Pilot?
The CommIT Core Team is made up of representatives of Internet2, InCommon, PESC, and University participants that has developed the infrastructure and documentation for the project to which partners can connect their services.
- Internet2 has contracted vendors to provide virtual machines to host the pilot project and to provide technical assistance.
- PESC is leading the business development and community outreach components.
- Georgetown University provides oversight to the project.
- Pennsylvania State University is responsible for implementing the central person registry.
The Core Team will deliver a documented, working infrastructure in the Summer of 2013, and will then assist the pilot participants with production implementation and testing.
What is expected from University participants?
Universities participating in Phase one of the CommIT Project will have the following requirements:
- Through the admissions office, the University Participant must provide a process for willing prospective students with the option to create and utilize the CommIT process
- The University Participant will utilize the unique CommIT identifier to match applicants with records provided through their admissions applications tools.
- The University Participant will allow any applicant who possesses a CommIT identity to use their credentials to authorize access to online applications.
- Representatives from participating the University Participant will be encouraged to share their experiences and lessons learned at various conferences.
- Commit at least one admissions office to using the CommIT service:
- Provide appropriate redirects to send applicants to CommIT to perform the voluntary applicant onboarding process.
- When provided, leverage the unique CommIT identifier to match an applicant with some records via their admissions applications tools.
- Use CommIT credentials to authorize access to online applications.
- Provision applicants to access marketing related content specifically targeted to known applicants without the generation of university credentials.
- Assign appropriate university resources to coordinate with the CommIT technical team and their chosen vendor(s) or organizations(s) to make all modifications necessary to accommodate the change, including changes to the web presence, adapt to accept SAML authentication if not already done, and any alterations to the admissions flow that may need to be accomplished.
- Sign agreement outlining the details of such University Participants deliverables.
University participants are also invited to participate in various working groups during development of the pilot to assist in the definition of the business, technical, and governance models for the project. Participating in the pilot project does not obligate a university to participate in any subsequent product release.
What is expected from Organizational (Corporate and Non-profit) Participants?
To participate in CommIT Project Phase one, Organizational (Corporate and Non-profit) Participants will be responsible for:
- Accepting the CommIT credential from applicants who login with them.
- Support the storing of this unique identifier.
- Support the capability to attach the unique identifier to all applicant documents that are passed to CommIT participating institutions.
- Register students who come from participating schools within such Organizational (Corporate and Non-profit) Participant’s systems, and attach the CommIT unique identifier to the records of students who will be applying to a participating school
- Provide a mechanism to transport this unique identifier to the records as they are transmitted to the participating schools.
- Provide a mechanism by which the unique identifier will be ignored by non-participating school’s systems.
- Provide technical resources to work with participating schools to accommodate all the workflow, user interface, and background technical requirements to adapt such Organizational (Corporate and Non-profit) Participant’s system to support these activities.
- Sign a definitive agreement outlining the details of such Organizational (Corporate and Non-profit) Participant’s deliverables.
Organizational (Corporate and Non-profit) Participants are also invited to participate in various working groups during development of the pilot to assist in the definition of the business, technical, and governance models for the project. Participating in the pilot project does not obligate a vendor to participate in any subsequent product release.
What are the goals of the Pilot?
The CommIT Pilot will be conducted with a limited set of organizations leveraging the CommIT service to 1) outsource authentication and 2) enable matching of records among pilot participants for a set of students using and admissions related service. The goals of the pilot are to:
- Test the infrastructure to ensure proper functioning.
- Test the process flows to ensure ease of use.
- Validate the value proposition.
- Inform the final production service functionality and features.
- Inform the marketing and communications of the final production service.
- Determine the help desk and support requirements.
What is the scope for the Pilot?
Each Pilot Participant will determine their service and student scope. Even though the CommIT service can support many business processes, the CommIT Project Team is recommending that organizations choose a well-defined admissions process such as an outreach or athletic program that can be used to test the infrastructure. The CommIT Project Team will provide a pilot technical infrastructure which includes:
- A scalable person registry with all the mechanisms for adding applicants, setting and resetting passwords, and all the expected functionality
- A scalable identity store
- A scalable Shibboleth Identity Provider
- Provider/Participant Documentation
Pilot Participants will help define and develop the unified and automated helpdesk solutions. The Pilot will not support levels of assurance or enhanced-security credentials.
What is the time frame for the Pilot?
To coordinate the implementation of the Pilot, Higher Education Institutions should complete the Participation Agreement by October 1, 2013 and by November 1, 2013 for Organizational (Corporate and Non-profit) Participants. Working together, the Corporate and Higher Education partners will identify their service and application population by end of December 2013. The CommIT Project Team expects pilots to run from one to eighteen months, depending on the specific admissions process to be adapted and its requirements. The CommIT Project Team would also like to gather enough data from the pilot organizations to address the project goals and may lengthen the pilot time frame, if needed.
What are the costs associated with participation in the Pilot?
Pilot participants will be responsible for their own development, testing and implementation-related costs. Required resources will vary by participant based on the specific processes that they will use for the pilot. Additionally, there is a $5,000 CommIT Pilot participation fee that will be waived for organizations that are members of both the InCommon Federation and PESC.
- PESC Membership – Standards are needed in order for the education community and all its stakeholders to interoperate. Standards enable innovation and are proven to provide a significant ROI. In order to maintain the neutrality necessary for standards, the education community and its stakeholders must also equally share in the development and on-going maintenance of standards. In joining CommIT, a standards-based initiative itself, we ask your organization to help support standards development and maintenance by joining PESC as a Member. For most institutions, the annual support is $250. Please refer to http://www.PESC.org for more information.
- InCommon Federation Participation – CommIT Pilot organizations must join the InCommon Federation to use the shared trust infrastructure of the multi-point federation, including the 6 operational metadata needed for federated transactions. For more information about joining InCommon, including annual fees, see http://www.incommon.org/join.html
Why should I participate in the Pilot?
The CommIT Pilot resolves two major admissions problems encountered by higher education: managing electronic credentials for prospects that never attend and matching third party records with existing prospects. Pilot schools will have an insider’s opportunity to guide the formation of CommIT business and technical requirements and be poised and ready to adopt the service, once it goes into production. Easing the applications process using a hi-tech option can enhance the brand of your school while reducing your work load. In addition, only those participating in the pilot will be involved in the executive team briefings and in position to provide overall influence to the project.
The CommIT Pilot will provide outsourced authentication for your scoped service and enable you to provide a higher-value services by tagging your reports with the students’ CommIT identifiers. Confidence that your reports and information can be easily matched with the right student will increase your value proposition. Only those participating in the pilot will be involved in the executive team briefings and positioned to provide overall influence in the project. And you’ll be seen as collaborative partners with higher education institutions working to better the shared experience for the student.Even piloting a small service, the information gleaned from this experience will help you to plan how to best integrate the production service into your service offering. Corporate partners will be well positioned to realize the opportunity that a tighter collaboration provides and go into production when the time comes. You could be able to deploy as much as a year earlier than your competition.
The CommIT Project is about offering students single sign-on authentication across their admissions experience; the value of that grows with the number of organizations using the service. But with only a handful of schools and companies participating, why should students join the pilot? You’ll certainly have streamlined SSO access to a limited number of organizational services, but a better reason is that you’ll also have a chance to participate in a very forward-looking project that will help future students ease their transition to school. Used effectively, CommIT may also lower errors in the admissions process and enable you, the scholar, to feel confident that you’re being evaluated on your merits.
How do I sign up?
The first step to participation is to sign the Participation Agreement and send it to Tim Cameron at: firstname.lastname@example.org. The purpose of this document is to demonstrate your intent to participate in the pilot. All organizations that sign the agreement will go through a review by the CommIT Board. Those accepted will then collectively work to determine the exact scope of services and the applicant population(s). Participants can leave the pilot at any time.
What happens after I sign up?
Once an organization has signed up, they will be asked to identify a technical contact and a business/operations contact to serve on the Technology and Business Operations Teams. Additionally, the organization will be asked to name an executive point of contact to serve on a user group that will be responsible for determining scope and timeline of the pilot.
As part of the onboarding process, the CommIT Project Team will develop and deliver educational programs including webinars and one-on-one conference calls to help you with integration.
In addition to participating on the Technology and Business Teams, CommIT Steering Committee will have project briefings with Executive liaisons from Pilot Participations. While anyone can participate in the discussions at the technical and planning level, only Pilot Participants will be able to set direction.
What happens if I want out?
As stated in the CommIT Pilot Participation Agreement, if you want out, no problem. Just give either Internet2 or PESC 30 days written notice of your intent to withdraw.
Internet2 and PESC would like to invite interested higher education and corporate partners to participate in a limited pilot of the Common Identity and Trust (CommIT) Collaborative service. For an overview of the CommIT project, see the Executive Summary.
The enrollment period for this pilot ends October 1, 2013 for higher education institutions and November 1, 2013 for corporate partners. To participate, early adopter organizations should be familiar with supporting a SAML2 federated identity service in InCommon Federation (incommon.org).
I know about CommIT. Tell me about the Pilot.
From summer 2013 to spring 2014, the CommIT Project Team will be working with early adopters to integrate CommIT SSO with a limited-scope, admissions-related process that would
- Test functional and technical requirements.
- Inform you and CommIT Collaborative about organizational deployment and needed service enhancements.
- Offer your organization an early advantage before the production service is expanded nationally in 2014.
Participating as an early adopter also ensures that your organization has a seat at the CommIT Collaborative table, so you can participate in the formation of this innovative service. For information on the benefits of piloting CommIT, see the Guide To Getting Started with the CommIT Pilot (PDF).
I'm in! What's next?
Between now and the closing date for the pilot-participation enrollment period:
- Schedule a briefing with the CommIT project team to answer any questions you may have. To do this, contact the CommIT project manager, Tim Cameron, at: email@example.com to setup a call.
- Read and sign the CommIT Participation Agreement.
- Pay $5000.00, or have the fee waived by joining the InCommon Federation and PESC.
- Identify an Executive Sponsor, Admissions Lead, and Technical lead for your project and send them to Tim Cameron at the above email address.
If you have questions, please schedule your briefing with the CommIT project team, and we'll work through the details. In the interim, you can also forward your comments to firstname.lastname@example.org.