Date: Fri, 29 Mar 2024 13:57:21 +0000 (UTC) Message-ID: <928867255.8057.1711720641211@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_8056_1778312033.1711720641211" ------=_Part_8056_1778312033.1711720641211 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
The Identity Assurance Assessment Framework (IAAF) provides the backgrou= nd on the Program and defines the identity assurance trust model, including= a functional model for Identity Provider Operators, and a certification mo= del. The Identity Assurance Profiles (IAP) describe sets of Identity Provid= er Operator requirements (currently Bronze and Silver) for registering indi= viduals, issuing credentials, and managing related identity management info= rmation.
There are two reasons.
Simplifying Bronze for R= apid Deployment - U= S government Identity, Credential and Access Management= (ICAM) program = that reviews and approves trust framewor= ks for use with federal services is interested in promoting Bronze certification as a baseline fo= r IdPs to authenticate to US government web sites.This means that Identity Providers federating with NIH or NSF should be ma= king concrete plans to support Bronze in the next 6 to 9 months.
To that end, FICAM asked us to review=
the Bronze profile and consider where we could reduce our requirements and=
still adhere to their specification. The changes in v1.2 primarily ad=
dress this need for rapid ubiquitous deployment, and we =
are interested in hearing&=
nbsp;your thoughts about: 1) the specific changes=
, and 2) whether the new Bronze will enable you to implement this profile m=
ore quickly and what that timeframe would be. Most notably, Identity P=
rovider Operators now have an option to sign a Representation of Conformanc=
e in lieu of doing a specific Bronze audit.
Clarifying Audit Reporting -&= nbsp;InCommon has update= d section 4.2 of the IAAF to reflect specific guidance on the type of audit= report to submit with your application for Silver certification.= This new language clarifies requirements. The revised Introduction includes a process for adopting new versions of the Assurance specification docum= ents.
We have published a review guide that summarizes the differences.
You can send your comments to the open assurance@incommon.org list. Plea= se include a document line number prefacing each comment.
If you are not subscribed to the list, the list policy enables those on = the list to receive your comments. If you'd like to subscribe to the list, = send email to sympa@incommon.org with subscribe assurance in the s= ubject.
You can read the archives of the Assurance List. <= /p>
Absolutely. You have a choice to provide us with either your audit summa= ry for Bronze/Silver, as in the past, or the representation of conformance.= Both require you to sign the Assurance Legal Addendum, however.
Not yet. The US government ICAM project and Steven VanRoekel, Federal CIO are both interested in m= oving current government services operating in the federation to = supporting approved profiles such as Bronze. We are working with the agenci= es and ICAM to determine the timing for this.
Yes. There is a minor change with the addition of 4.2.1.4 (S) (B) I= DPO Risk Management. See the published review guide for details.
Yes. ICAM has approved our 1.0 profiles and reviewed the changes to Bron= ze v1.2 as part of the simplfying Bronze revisions. Once the 1.2 versions o= f the IAAF and IAP are out of community review, InCommon will revise = and submit these documents for ICAM review.
The Assurance specification documentations will change from time to time= due to new higher education and service partner requirements. InCommon wil= l work with certified IdP Operators to identify a roadmap and timeframe (at= least six months) for compliance to the new version.