Duo MFA and Shib v3 solution presented at Sept 2015 Assurance CallMulti Factor Authentication (MFA) is a hot topic and the community has been eagerly awaiting proven solutions to integrating Duo Security with Shibboleth IdP v3. Hear the solution from U. of Chicago and Unicon. Links to the Adobe Connect recording and slides are here.
Baseline Expectations for Trust in Federation
Baseline Expectations links and information
Baseline Expectations Foundational Document
InCommon Community Trust and Assurance Board (CTAB) Minutes Publicly Available
InCommon Community Trust and Assurance Board (CTAB) Minutes are publicly available here
The charter for the InCommon Community Trust and Assurance Board (CTAB) is here
InCommon MFA Interoperability Profile Working Group
The mission of the working group is was to develop and document requirements for creating and implementing an interoperability profile to allow the community to leverage MFA provided by an InCommon Identity Provider by allowing SPs to rely on a standard syntax and semantics regarding MFA. See the working group wiki space.
Guidance for Supporting SHA-2 Signed Assertions
In August 2014, InCommon released Migrating to SHA-2 to help certified campuses support SHA-2 signed assertions.
In June 2014, InCommon Steering approved the (now expired) "Alternative Means for Bronze and Silver Requirement to Discontinue SHA-1 Encryption for SAML Assertions" to ease the transition for Identity Provider Operators that had been certified by the InCommon Assurance Program or were wishing to apply for certification by January 15, 2015the Final Work Products.
InCommon Silver with Active Directory Domain Services Cookbook for 1.2 Released
The final version of the InCommon Silver with Active Directory Domain Services Cookbook is available now! For an overview of the important bits, see the May 2014 webinar recording.
Reading Bronze: Understanding the InCommon Profile (recordings available)
InCommon sponsored a community reading of the Bronze InCommon Assurance Profile to aid in the understanding and intent of the requirements. There were four calls during Dec. 2013 and Jan. 2014. The calls have now concluded. Thanks to all who participated for the excellent comments and questions.
Recordings are available at this link.
Multi-Context Broker Model
The Multi-Context Broker (MCB) was released in February of 2014 to improve support for multi-factor authentication and assurance profiles in version 2.x of the Shibboleth IdP. MCB functionality is also in the more recent Shibboleth IdP version 3.x. See Multi-Context Broker for more more background and information on how to configure and deploy the MCB for either version of the Shibboleth IdP.
Webinars and Presentations
InCommon Assurance Program website