The Incommon Federation wiki has moved.

Please visit the new InCommon Federation Library wiki for updated content. Remember to update your bookmarks.

Click in the link above if you are not automatically redirected in 15 seconds.



In the interest of transparency with our community, InCommon publishes incident reports related to security incidents, security events (which do not rise to the level of an incident), and other non-security incident reports.

InCommon’s Computer Security Incident Response Team (CSIRT) is a group of identified individuals working at Internet2 and in the community, assigned specific roles, and chartered to respond to security incidents related to InCommon’s trust, identity and security-related services so that they may be relied upon by InCommon participants for mission-critical and security-sensitive operations on an ongoing basis. This page provides information about the policy governing the CSIRT, as well as reports of past security incidents.

InCommon Security Incident Handling Framework

Published Security Incident Reports

  • 2017-08-02-01 (InCommon Federation Manager delegated admin unauthorized access)

  • 2016-11-17-01 (InCommon IdPs release duplicate persistent nameID to ORCID SP)

Published Security Event Reports

Published Non-Security Incident Reports

  • 2018-06-27-01 (InCommon Federation Manager upgrade-related service outage incident summary)

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))
  • No labels