Publication section: Compete | Format: Intelligence Brief | Sourcing note: Community voice characterizations in this piece are drawn from composite representation of Internet2 Trust and Identity Community (TIC) working group discussions, EDUCAUSE 2026 session materials, and InCommon governance forums. Specific quotes are illustrative of documented community positions; production version should replace with named practitioner interviews and on-record working group citations. Shibboleth capability claims are grounded in project documentation; flag items marked [FIELD INPUT NEEDED] for campus IAM practitioner verification.
The conversation in Internet2's Trust and Identity Community working sessions has shifted. Not dramatically — campus IAM practitioners don't do dramatic — but the shift is real, and the people in the room know it.
For the better part of two decades, the central problem in higher ed identity was federation: how do you let a researcher at Michigan authenticate to a resource at XSEDE, or a student at a community college access a shared library system, without every institution managing bilateral trust agreements with every other institution? Shibboleth solved that problem. InCommon scaled it. The community built something genuinely impressive, and the institutional trust that accumulated around that infrastructure is not a marketing artifact — it is a real and hard-won thing.
The problem surfacing in 2025 and accelerating into 2026 planning discussions is structurally different. Federation wasn't built for it. And the community is starting to say so out loud.
What Practitioners Are Actually Naming
The term "non-human identity" has entered the working group vocabulary, though campus practitioners tend to reach for more specific language first. In TIC discussions and EDUCAUSE 2026 session proposals, the problem gets described in operational terms: service accounts that were provisioned for a research project three years ago and never deprovisioned. API credentials embedded in HPC job submission scripts that nobody owns anymore. Personal access tokens stored as GitHub Actions secrets, carrying repository-level permissions, that outlived the postdoc who created them (the built-in GITHUB_TOKEN expires with the job; the tokens that linger are the long-lived ones added by hand). Automated data pipeline credentials connecting institutional storage to NIH-funded cloud environments, managed by a single research computing engineer who is now on sabbatical.
The agentic AI layer is newer and the community is more tentative about it, but it is showing up. A session at EDUCAUSE 2026 Annual Conference titled "When Your AI Does the Clicking: Identity Governance for Autonomous Research Workflows" drew standing-room attendance. The framing in that session — and in subsequent community discussion — was not "how do we apply our existing IAM stack to AI agents" but something more unsettled: "we don't actually know what identity means for a system that authenticates on behalf of a researcher, makes decisions, and spawns sub-processes that also need credentials."
That unsettledness matters. The higher ed IAM community is not prone to admitting it doesn't know something. Public sessions framed around foundational uncertainty are a signal worth taking seriously.
Where Shibboleth's Architecture Lives
To understand the gap, you have to understand what Shibboleth was built to do. The Shibboleth IdP is a SAML-based identity provider designed around human principals authenticating through browser-initiated flows. Its attribute release framework, the mechanism that controls what information about a user gets shared with a service provider, is built on the eduPerson schema, which describes people: their affiliations, their roles, their organizational relationships. The InCommon federation's entity categories, including the REFEDS Research and Scholarship category that streamlines attribute release to most cross-institutional research and collaboration services, are similarly structured around human users and their institutional relationships.
This is not a limitation born of negligence. It is an architectural reflection of the problem the community needed to solve in the mid-2000s. The SAML assertion model, the SP-initiated redirect, the attribute release policy: these are elegant solutions to the human federation problem. They were not designed for machine-to-machine authentication, dynamic credential issuance, or the ephemeral identity lifecycle that agentic systems require. A SAML assertion describes a person and is consumed by a browser session; nothing in the model says who is accountable for a credential that outlives every session.
[FIELD INPUT NEEDED: Campus IAM practitioners at R1 institutions running Shibboleth IdP v5 should be consulted on whether the IdP's OAuth/OIDC support, delivered as a plugin since v4, meaningfully addresses service account governance, or whether it addresses token issuance without lifecycle management.]
The Shibboleth project has been extending its protocol support. Through the OIDC OP plugin, the IdP now handles OpenID Connect flows and can issue tokens to non-browser clients. But token issuance and identity governance are different problems. Issuing a credential to a machine is not the same as knowing who owns it, what it can access, when it should expire, whether it has been rotated, and what happens to it when the research project that spawned it ends. The IdP records which registered client it issued a token to; the rest are lifecycle questions that live in whatever inventory, if any, the institution keeps alongside it. The community knows this distinction. It comes up in working group discussions precisely because practitioners are trying to figure out whether the tools they already have can be extended to cover the new surface, or whether the surface is genuinely different.
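The five questions above (owner, access, expiry, rotation, project end) are exactly the checks a campus would run over a machine-credential inventory. The following is an added example written for this brief, not code from Shibboleth, InCommon or any campus; it assumes the institution can assemble one record per credential with the fields shown, and the inventory, the NetIDs and the 90-day rotation policy are all constructed for illustration.

```python
"""Lifecycle audit for a campus machine-credential inventory (added example)."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional

ROTATION_MAX_AGE = timedelta(days=90)  # assumed campus policy, not from the brief


@dataclass
class MachineCredential:
    cred_id: str
    kind: str                      # service_account, api_key, gha_token, pipeline_cred
    owner: Optional[str]           # NetID of the accountable human, None if unknown
    owner_status: str              # active, leave, departed (from an HR/IdM feed)
    project: str
    project_end: Optional[date]    # None if the project has no recorded end date
    issued: date
    last_rotated: Optional[date]   # None if never rotated since issuance
    expires: Optional[date]        # None means the credential never expires
    scopes: List[str] = field(default_factory=list)  # empty = access unknown


def audit(creds: List[MachineCredential], today: date) -> Dict[str, List[str]]:
    """Return {cred_id: [finding, ...]} for every credential with a governance gap."""
    findings: Dict[str, List[str]] = {}
    for c in creds:
        issues: List[str] = []
        # Ownership: no human, or a human whose employment relationship is gone.
        if c.owner is None or c.owner_status == "departed":
            issues.append("ORPHANED")
        elif c.owner_status == "leave":
            issues.append("OWNER_ON_LEAVE")  # single point of failure, not yet orphaned
        # Project lifecycle: the event that should have triggered deprovisioning.
        if c.project_end is not None and c.project_end < today:
            issues.append("PROJECT_ENDED")
        # Expiry.
        if c.expires is None:
            issues.append("NO_EXPIRY")
        elif c.expires < today:
            issues.append("EXPIRED")
        # Rotation: measured from the last rotation, or from issuance if never rotated.
        if today - (c.last_rotated or c.issued) > ROTATION_MAX_AGE:
            issues.append("STALE_ROTATION")
        # Access: a credential whose permissions nobody recorded cannot be scoped down.
        if not c.scopes:
            issues.append("UNKNOWN_SCOPE")
        if issues:
            findings[c.cred_id] = issues
    return findings


def deprovision_candidates(findings: Dict[str, List[str]]) -> List[str]:
    """Credentials that should be disabled outright rather than merely rotated."""
    hard = {"ORPHANED", "PROJECT_ENDED", "EXPIRED"}
    return sorted(cid for cid, issues in findings.items() if hard & set(issues))


# Constructed inventory mirroring the cases practitioners describe in this brief.
SAMPLE_INVENTORY = [
    MachineCredential("svc-genomics-2023", "service_account", "jdoe", "active",
                      "genomics-pilot", date(2024, 6, 30), date(2023, 1, 15),
                      None, None, ["storage:rw"]),
    MachineCredential("api-hpc-submit", "api_key", None, "active",
                      "hpc-pipeline", None, date(2024, 9, 1),
                      date(2025, 12, 15), date(2026, 9, 1), []),
    MachineCredential("gha-lab-repo", "gha_token", "postdoc1", "departed",
                      "lab-software", None, date(2025, 2, 1),
                      None, date(2026, 2, 1), ["repo:write"]),
    MachineCredential("pipe-nih-cloud", "pipeline_cred", "rceng", "leave",
                      "nih-data-commons", date(2027, 12, 31), date(2025, 11, 20),
                      date(2026, 1, 10), date(2026, 7, 10), ["s3:read", "s3:write"]),
    MachineCredential("svc-lms-sync", "service_account", "itops", "active",
                      "lms-integration", None, date(2025, 6, 1),
                      date(2026, 2, 1), date(2026, 5, 1), ["lms:roster:read"]),
]


def run_sample(today: date = date(2026, 3, 1)) -> Dict[str, List[str]]:
    """Audit the constructed inventory as of a fixed date."""
    return audit(SAMPLE_INVENTORY, today)


if __name__ == "__main__":
    result = run_sample()
    for cred_id, issues in result.items():
        print(f"{cred_id:20s} {', '.join(issues)}")
    print("disable:", deprovision_candidates(result))
```

Note what the audit cannot do: every finding depends on fields the IdP never sees (owner status from HR, project end dates from the grant office, scopes from the resource owner). That is the inventory the brief says most campuses do not have, and it is why issuing the token is the easy half.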
What Community-Led Responses Look Like
Several responses are in motion, and they deserve honest characterization.
InCommon working groups on machine identity. InCommon has convened discussions on extending federation trust frameworks to non-human entities. The core question is whether the InCommon trust model, which is built on institutional accountability for human users, can be adapted to cover service accounts and automated systems. Early working group output suggests the answer is "partially and with significant caveats." Institutional accountability works when there is a human whose employment relationship creates an enforcement mechanism. For a service account owned by a research project that spans three institutions and a federal funding agency, the accountability chain is genuinely unclear: no single institution's HR event ends it. [FIELD INPUT NEEDED: Current status of InCommon machine identity working group outputs; last known activity was Q4 2025.]
TIER program extensions. The TIER program, the community's effort to build a coherent, interoperable IAM stack from Shibboleth, Grouper, COmanage, and related tools, now carried forward under the InCommon Trusted Access Platform, has been exploring how to extend its provisioning and governance capabilities to service accounts. COmanage's collaborative organization management model has some natural applicability: research collaborations already use it to manage membership and access for human participants, and the same organizational structures could in principle govern the service accounts those collaborations use. The challenge is that COmanage's lifecycle management was designed around human membership events: joining a collaboration, changing roles, departing. Service account lifecycle events are different in kind. They are often triggered by code changes, infrastructure events, or project phase transitions that don't map onto human HR events.
REFEDS discussions on non-human entity categories. REFEDS, the Research and Education FEDerations group that coordinates international federation policy, has opened discussions on whether new entity categories are needed for automated systems. This is early-stage work. The community consensus, as best it can be characterized from public session notes, is that the existing category framework is insufficient but that defining new categories requires solving the accountability and assurance questions first — and those questions don't have clean answers yet.
Secrets management pilots. A number of R1 institutions have deployed HashiCorp Vault or AWS Secrets Manager alongside their Shibboleth infrastructure to handle machine credentials. This is pragmatic and it works at the individual institution level. It is not a federated solution. A service account credential managed in one institution's Vault instance is invisible to the trust framework that governs cross-institutional research access. The pilots address the local governance problem without touching the federated governance problem.
The Pace Problem Is Structural
What the community discussions acknowledge but don't always say directly: the gap between where these responses are and where the problem is moving is not a function of effort or intent. It is a function of structure.
The Shibboleth Consortium is a small organization. Its engineering capacity is real but finite. The IdP v4 to v5 migration, a necessary modernization that the community has been managing for the past two years, consumed significant project bandwidth. Major architectural extensions to address non-human identity (NHI) governance would require either a substantial increase in consortium resources or a multi-year roadmap that the current volunteer governance model is not structured to accelerate. Neither condition currently exists.
The InCommon federation's governance model is similarly deliberate by design. Trust frameworks are not changed quickly, because the institutions that rely on them need stability. The same institutional conservatism that makes InCommon trustworthy makes it slow to adapt to a threat surface expanding on a timeline measured in quarters, not years.
Agentic AI is the accelerant. The NHI problem that campus practitioners were describing in 2024 (orphaned service accounts, unrotated API keys, undocumented research pipeline credentials) was a governance hygiene problem. Serious, but bounded. The agentic AI layer introduces dynamic identity creation at a pace that governance hygiene frameworks were not designed to handle. A research computing environment that deploys an agentic workflow system can mint dozens of functional identities in a single afternoon: sub-agents, tool-use credentials, API connections to institutional data stores, tokens for external research services. Those identities don't exist in the Shibboleth attribute release framework, aren't visible to InCommon, and have no deprovisioning trigger. Without a recorded link back to the human principal who authorized the first agent, there is also no chain to follow when that researcher leaves or the project ends.
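What a deprovisioning trigger and a lineage would look like for agent-minted credentials is easier to show than describe. The following is an added example for this brief, not code from Shibboleth, InCommon or any agent framework; it assumes a hypothetical institution-run registry in which every credential an agent mints is anchored to a federated human principal (an eduPersonPrincipalName) and a project, can only narrow what its parent holds, and dies with its parent. The principal, project, scopes and timestamps are constructed.

```python
"""Delegation registry for agent-minted credentials (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, List, Optional


@dataclass
class AgentCredential:
    cred_id: str
    principal: str            # eppn of the researcher the whole chain is accountable to
    project: str
    scopes: FrozenSet[str]
    expires: datetime
    parent: Optional[str]     # None for a root credential minted for the human
    revoked: bool = False


class DelegationRegistry:
    def __init__(self) -> None:
        self._creds: Dict[str, AgentCredential] = {}
        self._counter = 0

    def _next_id(self, prefix: str) -> str:
        self._counter += 1
        return f"{prefix}-{self._counter:03d}"

    def mint_root(self, principal: str, project: str, scopes, ttl: timedelta, now: datetime) -> str:
        """Root credential: bound to a human who authenticated through the IdP."""
        cred = AgentCredential(self._next_id("agent"), principal, project,
                               frozenset(scopes), now + ttl, None)
        self._creds[cred.cred_id] = cred
        return cred.cred_id

    def delegate(self, parent_id: str, scopes, ttl: timedelta, now: datetime) -> str:
        """Sub-agent credential: a subset of the parent's scopes, never outliving it."""
        parent = self._creds[parent_id]
        if parent.revoked or parent.expires <= now:
            raise PermissionError(f"{parent_id} is not active")
        requested = frozenset(scopes)
        if not requested <= parent.scopes:   # refuse privilege escalation by a sub-agent
            raise PermissionError(
                f"{parent_id} cannot delegate {sorted(requested - parent.scopes)}")
        cred = AgentCredential(self._next_id("sub"), parent.principal, parent.project,
                               requested, min(now + ttl, parent.expires), parent_id)
        self._creds[cred.cred_id] = cred
        return cred.cred_id

    def revoke(self, cred_id: str) -> List[str]:
        """Revoke a credential and everything delegated from it, transitively."""
        revoked: List[str] = []
        stack = [cred_id]
        while stack:
            cid = stack.pop()
            if not self._creds[cid].revoked:
                self._creds[cid].revoked = True
                revoked.append(cid)
            stack.extend(k for k, v in self._creds.items() if v.parent == cid)
        return sorted(revoked)

    def end_project(self, project: str) -> List[str]:
        """The deprovisioning trigger: when a project ends, every chain rooted in it dies."""
        revoked: List[str] = []
        for cid, c in list(self._creds.items()):
            if c.project == project and c.parent is None:
                revoked.extend(self.revoke(cid))
        return sorted(revoked)

    def active(self, now: datetime) -> List[str]:
        return sorted(k for k, v in self._creds.items() if not v.revoked and v.expires > now)

    def expiry(self, cred_id: str) -> datetime:
        return self._creds[cred_id].expires

    def lineage(self, cred_id: str) -> List[str]:
        """Leaf-to-root chain, so any credential can be traced to its human."""
        chain: List[str] = []
        cur: Optional[str] = cred_id
        while cur is not None:
            chain.append(cur)
            cur = self._creds[cur].parent
        return chain


def run_scenario() -> dict:
    """One afternoon of agent activity on a constructed project, then the project ends."""
    now = datetime(2026, 3, 1, 9, 0, tzinfo=timezone.utc)
    reg = DelegationRegistry()
    root = reg.mint_root("researcher@example.edu", "nih-data-commons",
                         {"storage:read", "storage:write", "api:call"}, timedelta(hours=8), now)
    sub = reg.delegate(root, {"storage:read"}, timedelta(hours=24), now)  # clipped to 8h
    subsub = reg.delegate(sub, {"storage:read"}, timedelta(hours=1), now)
    try:
        reg.delegate(sub, {"storage:write"}, timedelta(hours=1), now)  # escalation attempt
        escalation_denied = False
    except PermissionError:
        escalation_denied = True
    return {
        "lineage": reg.lineage(subsub),
        "sub_clipped": reg.expiry(sub) == reg.expiry(root),
        "escalation_denied": escalation_denied,
        "active_now": reg.active(now),
        "active_plus_2h": reg.active(now + timedelta(hours=2)),
        "revoked_at_end": reg.end_project("nih-data-commons"),
        "active_after_end": reg.active(now),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key:18s} {value}")
```

Three properties carry the governance weight: a sub-agent can only shrink its parent's scope, can never outlive its parent, and is revoked whenever the parent or the project is. None of them requires a new federation protocol; they require a registry that the IdP does not provide and that, per the discussions above, nobody in the federation currently owns.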
The practitioners most engaged with this problem are not dismissive of the existing infrastructure. They built it, they maintain it, and they understand its value. What they are saying — in working group sessions, in hallway conversations at EDUCAUSE, in the careful language of session proposals — is that the federation-era architecture was designed for a world where identity meant a person with an institutional affiliation. That world hasn't disappeared. But it is no longer the whole world, and the new part is growing faster than the governance frameworks can follow.
The community-led responses being piloted are genuine efforts by capable people working within real constraints. Open-source release cadence, volunteer-driven governance, and architectural assumptions built for human federation are not the right instruments for a problem moving at the speed of agentic AI deployment. That is not a criticism of the community's competence or commitment. It is a description of what the infrastructure was built to do, and what it wasn't.