Page tree
Skip to end of metadata
Go to start of metadata

Do I need to make any changes to my federation software to allow for its continued operation in InCommon?

No, no changes are needed by participants in order to support this process.

What is the difference between the new way of doing signing which will go into effect on April 8, 2020 and the old way of doing signing?

Signing is now performed using a hardware security module in a secure online environment, rather than using an air-gapped computer with multiple staff needing to be present, as was the case before the change. See the diagram on this page for more information. 

Why did InCommon move to an online signing process?

In the interest of public health and safety, the State of Michigan is requiring a temporary "safer at home" practice in response to the COVID-19 pandemic. For this reason, we needed to perform this work to prevent staff from needing to travel to the office and perform signing in close proximity to one another. This is a change we were already well along in the planning and implementation phases of before having to accelerate the schedule due to COVID-19.

Does this alter the trust model of the federation?

No, the signing operation is at least as secure as it was in the past, and is now automated so that human beings do not need to regularly interact with the sensitive key material in order to perform metadata signing.

Was the community consulted prior to making this change?

Yes- the InCommon Technical Advisory Committee, a governance group of community members which advises on the operations and strategy of the federation, were made aware of the details of the change and reviewed those changes prior to execution.

(click to zoom)

  • No labels