InCommon proudly announces new Assurance Program specification documents that offer significant community benefits, including a much easier path toward Bronze certification, and approval by the U.S. government. The changes come after extensive work by the research and higher education community.
The new revision (version 1.2) removes the requirement of an audit for InCommon Bronze so that an identity provider can attest compliance by simply signing an agreement. In addition, there are no additional fees for Bronze certification.
The revised documents also have won the approval of the Federal Identity, Credential, and Access Management (FICAM) organization, which means that InCommon continues as research and education’s trusted-identity framework provider to the U.S. government. Identity providers with InCommon Bronze or Silver certification can provide trusted credentials to federal relying parties, like the National Science Foundation and the National Institutes of Health. FICAM coordinates the federal trust framework provider (TFP) application program, which certifies credential providers for use by federal relying parties.
“Broad adoption of Bronze will send a strong signal to federal agencies that assurance is very important to higher education, and we urge every InCommon identity provider to consider applying for Bronze certification,” said John Krienke, InCommon’s chief operating officer. “The Assurance specifications also provide an excellent way to ensure an up-to-date authentication infrastructure.”
With this revision, identity providers have flexibility in how they comply with the specification by proposing alternative approaches for meeting or exceeding the published Bronze or Silver Identity Assurance Profile requirements. InCommon’s Assurance Advisory Committee will consider these alternative means, and once approved, the approach is added to the specification and therefore reusable by others.
The InCommon Assurance Program awards certifications to identity providers that support criteria for consistent electronic credential and identity management practices. These practices increase the confidence in a user’s electronic identity and help mitigate risk for the campus and cloud service provider. InCommon has published two assurance profiles, Bronze and Silver, which are comparable with federal Levels of Assurance 1 and 2, respectively.
More information and copies of the revised assurance documents are available at assurance.incommon.org.