Versions Compared

Old Version 8

changes.mady.by.user rlmorgan@washington.edu

Saved on

compared with

New Version 9

changes.mady.by.user Dean Woodbeck (internet2.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Respond to feedback from early-adopter campuses regarding provisions that were unclear or onerous.
  2. Remove elements that were not justified by US government or InCommon community requirements.
  3. Harmonize conflicting and out-of-date terminology.
  4. Continue to meet requirements of the US government ICAM program for Assurance Levels 1 and 2 (Bronze and Silver).
  5. Clarify the purpose and audience of each document.
  6. Clearly indicate normative requirements; remove or appropriately distinguish examples and advice; describe requirements in terms of what must be achieved, as opposed to how to achieve it.
  7. Reduce the number of referenced external documents, especially those that appear normative.

...

  • Section 1:  Introduction
    Former section 1.2 (General Approach) removed, material moved to other sections.
  • Section 2:  Identity Management Functional Model
    This is a new section.  It It is intended to clearly define key terms and concepts used in Assurance Profiles, in the context of identity management systems typically used by InCommon participants.   This section replaces the Glossary (Appendix A) in version 1.0.x.  Identity management staff should review this section for consistency with their deployments.
  • Section 3:  Identity Assurance Profiles (previously Section 2)
    This section has been simplified to provide general information on the types of issues addressed in IAPs, rather than listing specific issues, and to remove apparent embedded requirements.
  • Section 4:  Assessment and Audit of Identity Providers (previously Section 3)
    This section has been modified to clarify the assessment and certification processes, as well as the roles of Audit and IT within those processes.  Careful review of the proposed processes and responsibilities by auditors and CISOs is appreciated.
  • Appendix A:  Glossary
    Removed.

...

  • 4.2.1 Business, Policy and Operational Criteria
    All previous criteria from this section have been removed, leaving only a requirement to be an InCommon Participant in good standing.  Many of the removed criteria were called out as burdensome by early adopters.
  • 4.2.2 Registration and Identity Proofing
    It is no longer required to record identity proofing document numbers, only their type and issuer, and the requirement for 7.5-year retention of identity proofing records has been removed, making it subject to the IdPOIdentity Provider Organization's applicable policy and law.   The use of "existing relationship" in identity proofing was clarified.
  • 4.2.3 Credential Technology
    The criteria for "Subject modifiable shared secret" have been removed; they were are no longer required by US government specs.
    The protection of authentication secrets has been clarified, particularly with respect to the scope of the situations where those secrets must be protected.
  • 4.2.4 Credential Issuance and Management
    Criteria for credential renewal/re-issuance were clarified.   Criteria for record retention of credential issuance were added.
    The following criteria were removed.  They They were either duplicative of other criteria or were not justified by US government or InCommon community requirements.
    • Unique Subject identifier
    • Credential status
    • Credential status verification
    • Suspected credential compromise

...

  • Please send comments via email to:  ia-review at incommon.org
  • Comments should reference specific text and line numbers in the documents.
  •  "X is unclear" is typically not a useful comment by itself.   Proposed clarifying text is much more helpful.

...