InCommon is pleased to announce a new InCommon Assurance Alternative Means document:
Audience for this Document: Identity Provider Operators that have been certified by the InCommon Assurance Program or are wishing to apply for certification by January 15, 2015.
Alternative Means Statement: Identity Provider (IdP) Operators may continue to use SHA-1 to sign assertions through January 15, 2015 without compromise to their InCommon Assurance certification. IdP Operators that send assertions to a FICAM-compliant US Government Agency service provider that requests an InCommon Assurance Profile after December 31, 2013 must sign those assertions using any SHA-2 algorithm.
Alternative Means Expiration: January 15, 2015
Background
The Identity Assurance Assessment Framework and Identity Assurance Profiles define specific requirements that Identity Provider Operators must meet in order to be certified in the InCommon Assurance Program. In addition to the specific requirements, the documents allow for the use of approved additional methods, called alternative means, to satisfy the criteria.
To review the new Alternative Means document, link to the Alternative Means page. In addition, joining the Monthly Implementers Call at Noon Wed July 2 to learn more:
+1-734-615-7474
+1-866-411-0013 (toll free US/Canada Only)
Access codes: 0113802#