...
There is a bundle of attributes that FICAM requires all Credential Service Provides to release. At this point those attributes are legal name and date of birth. InCommon's position is that all attribute release should be handled by membership in the InCommon federation. InCommon is working with FICAM to remove the requirements for InCommon Credential Service Providers to release attributes to FICAM. The hope is that FICAM will agree that InCommon will release a standard set of attributes (perhaps the R&S bundle). Anil John of FICAM will be setting up a meeting with NIH and NSF to see if an agreement can be reached. InCommon has also stressed in discussions with Anil John that the lack of federal services requiring assurance is a major issue.
FICAM decided that their previous document did not do enough to facilitate federation, and under FICAM Under FICAM 2.0, a federation like InCommon or Kantara must provide more info to FICAM about how their federation works, such as how the change management process, testing and interoperability, are handled, etc.
Assurance Advisory Committee (AAC) Update (Jacob)
The AAC has heard from the community that it would be beneficial to have more modular standards in the InCommon assurance program. The current Bronze and Silver profiles were modeled off a monolithic government document (NIST 800-63). Some Service Providers have stated that don't care about everything every category in the current specs . For example, they may care about incident response but not so much about privacyand some IDPs find it hard to implement 100% of the spec requirements.
Conversation nationally and within the IDESG focuses on developing modular units, called Trustmarks, for assurance. https://www.idecosystem.org/wiki/Trust_Frameworks
...