Internet2 is investigating a security incident involving a compromise to a confluence server that affected https://spaces.at.internet2.edu on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email collaboration-support@internet2.edu.
Blog
Skip to end of metadata
Go to start of metadata

InCommon is pleased to announce a new InCommon Assurance Alternative Means document: 

Audience for this Document: Identity Provider Operators that have been certified by the InCommon Assurance Program or are wishing to apply for certification by January 15, 2015.

Alternative Means Statement:  Identity Provider (IdP) Operators may continue to use SHA-1 to sign assertions through January 15, 2015  without compromise to their InCommon Assurance certification. IdP Operators that send assertions to a FICAM-compliant US Government Agency service provider that requests an InCommon Assurance Profile after December 31, 2013 must sign those assertions using any SHA-2 algorithm. 

Alternative Means Expiration: January 15, 2015

Background

The Identity Assurance Assessment Framework and Identity Assurance Profiles define specific requirements that Identity Provider Operators must meet in order to be certified in the InCommon Assurance Program. In addition to the specific requirements, the documents allow for the use of approved additional methods, called alternative means, to satisfy the criteria. 

To review the new Alternative Means document, link to the Alternative Means  page. In addition, joining the Monthly Implementers Call at Noon Wed July 2 to learn more:

+1-734-615-7474 
+1-866-411-0013 (toll free US/Canada Only)
Access codes: 0113802#

  • No labels