InCommon has published candidate version 1.2 of the Identity Assurance Assessment Framework and Identity Assurance Profiles documents, as well as an example of the new Representation of Conformance document. On this page we present our general approach, describe the major changes in these documents from the 1.1.x versions, and suggest sections that are especially important for review.

...

  1. Simplify the Bronze profile (equivalent to NIST LoA 1) to address the FICAM program's interest in promoting Bronze certification as a baseline for IdPs to authenticate to US government web sites.
  2. Respond to feedback from early-adopter campuses regarding confusing audit requirements and provide further guidance on what's required for certification.
  3. Update the documents to include missing items that were identified in developing the Assurance Legal Addendum.

...

  • Section 3:  Silver and Bronze Profiles
    Clarified use of IAQs.
  • Section 4:  Criteria
    Modified and added criteria to reduce the burden of implementing Bronze.
  • 4.2.1.4 (S) (B) IDPO Risk Management
    Added periodic review of the IdPO's IT operations to align with risk management objectives. For the Bronze profile, this requirement replaces the need for a formal IdMS audit, which had been a major barrier. This provision is not expected to be a burden for Silver certification.
  • 4.2.3.2 (B) Basic Resistance to Guessing Authentication Secret
    Clarified language.
  • 4.2.3.4 (S) Stored Authentication Secrets
    Removed cross reference.
  • 4.2.3.5 (New - Bronze Only)  Protection of Authentication Secrets
    Added to reduce the burden of implementing password-protection requirements for Bronze-only applicants.
  • 4.2.3.6 (S) Strong Protection of Authentication Secrets
    Updated title to distinguish Silver from Bronze requirements.
  • 4.2.5.6 Mitigate Risk of Credential Compromise
    Removed the specific guidance on how to mitigate risk to align with the document approach taken in the 1.1 version.
  • 4.2.7.2 (S) (B) Identity Assertion Qualifier (IAQ)
    Added a clarifying sentence that InCommon certifies IdPs as eligible to assert one or more qualifiers, and that the IdPO must be capable of including the InCommon IAQ when the criteria are met for a subject.
  • Section 5 Determination of Conformance
    This new section distinguishes how conformance with the Bronze and Silver profiles is requested by IdPOs, and how the new Representation of Conformance document supports Bronze as an option in lieu of the current audit.

...