Home | About InCommon | Join InCommon

• Join InCommon
• Participants
• IAM Online
• CAMP and Advance CAMP
• Affiliates
• Certificate Service
• Policies and Practices
• Technical Information
• Software Guide
• Metadata and WAYF
• Site Administrator Info
• Frequently Asked Questions
• Benefits
• Site Administrator Login
• Collaboration Wiki
• Glossary
• Contact Us
• About

DreamSpark and the InCommon Federation

What is Microsoft DreamSpark?
It is a program through which Microsoft is giving its software developer and design tools directly to students at no charge. The software includes Visual Studio Pro, Expression Studio, Windows Server Standard Edition and SQL Server Developer Edition. The link to the program is here.

How does my school get involved?
If your institution is a participant in the InCommon Federation, your Identity Management system needs to be configured to release the right student attributes (below). If your institution is not a participant in the federation, you can join by starting here.

What is InCommon? 
InCommon is an identity and access management federation, allowing higher education institutions and their partners to exchange trusted, privacy-preserving information about online users. Protected online resources can be accessed with a finer degree of control using anonymous or personal attributes as agreed upon by each distinct service partnership.

Is Microsoft in the InCommon Federation?
Microsoft is a full-fledged participant in the InCommon Federation. A full list of participants is available here.

Why use federated access?
Microsoft supports a scalable and user-friendly way to determine whether someone wanting to download software is a student. Such a case is a perfect fit for federated access. The service provider can rely on the trust fabric of the federation, and the identity provider can pass an attribute that verifies enrollment. For an outline of this enrollment verification use-case of federated identity, visit the InCommon community space.

How does federated access work technically?
Using Shibboleth open-source federating software, Microsoft accepts SAML-based attributes passed to it from federation-enabled universities and colleges. You can find Microsoft's Service Provider information in the InCommon trusted metadata. You'll need to join InCommon, and be able to release the required attributes as described here.

How do students access the Microsoft software?
1. The individual visits the Microsoft DreamSpark website.
2. In order to download software, the student will first be asked to sign up for a Windows Live Account (students may already have an account).
3. Once the Live ID process is complete, the individual will need to be verified as a student. This is accomplished via InCommon federated access. The student will log in to his or her home university and student status will be verified.
4. This verification is accomplished through InCommon and the open-source Shibboleth technology which will securely pass attributes (student verification data) from the university identity provider to DreamSpark. For a list of attributes, see DreamSpark's attribute information page.

Why does the user need a Windows Live ID?
All Microsoft websites currently use Live ID when an account needs to be established. It is our hope that Microsoft will, in a later more robust phase, use the powerful advantages of InCommon universities' Single Sign On systems to not only verify student status but to allow Student authentication as well.

Tell me more about InCommon
InCommon is a federation of higher education institutions and their commercial partners in the U.S. The federation provides a method for single sign-on convenience among all of its identity providers and service providers. Identity providers authenticate their own member community and manage privacy levels. Service providers authorize access to protected resources based on agreed-on qualifications. The federation manages the trust fabric, the authoritative registry of systems (i.e., metadata), shared policies, attribute vocabularies, digital certificate issuance and security, and other interoperability rules of engagement. InCommon participants use the Shibboleth software system, or other SAML-compliant software, for attribute exchange and to provide single sign-on convenience.

Is InCommon the only way my institution can take part in the Microsoft offer?
Technically, no. But to be listed as a university performing its own student verification, Yes. While Microsoft has provided other means of verifying student status, they support the leadership and innovation in the higher education community, and have chosen to leverage the power, simplicity, and scalability offered by the sources of student information: InCommon universities and colleges themselves.

Does the Release of the Student Attribute violate FERPA?
The interpretation of registrars at several universities is that a student affiliation attribute combined with an opaque identifier (via the eduPersonTargetedID attribute) is releasable without requiring explicit student consent.. However, this is a matter best interpreted and decided by each individual institution. For more information read our InCommon attribute overview and attribute summary.