In the interest of transparency with our community, InCommon publishes incident reports related to security incidents, security events (which do not rise to the level of an incident), and other non-security incident reports.
InCommon’s Computer Security Incident Response Team (CSIRT) is a group of identified individuals working at Internet2 and in the community, assigned specific roles, and chartered to respond to security incidents related to InCommon’s trust, identity and security-related services so that they may be relied upon by InCommon participants for mission-critical and security-sensitive operations on an ongoing basis. This page provides information about the policy governing the CSIRT, as well as reports of past security incidents.
InCommon Security Incident Handling Framework
Published Security Incident Reports
2017-08-02-01 (InCommon Federation Manager delegated admin unauthorized access)
2016-11-17-01 (InCommon IdPs release duplicate persistent nameID to ORCID SP)
Published Security Event Reports
Published Non-Security Incident Reports
- 2024-01-23-01 (eduroam.us national proxy degraded service incident)
- 2023-07-14-01 (eduroam.us national proxy degraded service incident)
- 2022-09-08-01 (eduroam.us national proxy server outage incident)
- 2022-06-13-01 (eduroam rate limiting service outage incident)
- 2021-10-07-01 (Metadata service ("MDQ") service degradation)
- 2020-10-06-01 (Introduction of invalid characters into metadata)
- 2020-07-31-01 (InCommon Federation Manager unintentional removal of an IdP from metadata)
2018-06-27-01 (InCommon Federation Manager upgrade-related service outage incident summary)