In the interest of transparency with our community, InCommon publishes incident reports related to security incidents, security events (which do not rise to the level of an incident), and other non-security incident reports.
InCommon’s Computer Security Incident Response Team (CSIRT) is a group of identified individuals working at Internet2 and in the community, assigned specific roles, and chartered to respond to security incidents related to InCommon’s trust, identity and security-related services so that they may be relied upon by InCommon participants for mission-critical and security-sensitive operations on an ongoing basis. This page provides information about the policy governing the CSIRT, as well as reports of past security incidents.
InCommon Security Incident Handling Framework
Published Security Incident Reports
2017-08-02-01 (InCommon Federation Manager delegated admin unauthorized access)
2016-11-17-01 (InCommon IdPs release duplicate persistent nameID to ORCID SP)