InCommon

Background for Version 1.1

The InCommon Identity Assurance 1.0 document set published in 2008 was largely based on the no-longer-extant US federal government eAuthentication Credential Assessment Framework. The federal government's requirements and priorities have since changed. New materials regarding electronic authentication and trust frameworks were published by the government's Identity, Credential and Access Management (ICAM) initiative in 2009.

In addition, a group of early-adopter campuses has been working through the assessment process of the Silver Assurance Profile and developed a number of questions and recommendations, including important contributions from both IT and Audit staff.

Together these developments created strong motivation to simplify and clarify the InCommon Identity Assurance documents while retaining their basic structure and intent.  Both government requirements and real-world assessment experience from campuses have been incorporated.

An FAQ about the InCommon Identity Assurance Program is now available: https://spaces.at.internet2.edu/x/dQBvAQ

The community wishes to thank the schools that have been working on the Silver adoption process – the Committee for Institutional Cooperation (CIC)'s Silver Audit team, which includes the Big Ten plus the University of Chicago, along with the University of Washington and Virginia Tech. The University of California schools have also been engaged in a Silver review and in providing feedback. In addition, a group of member-institutions of SURA (Southeastern University Research Association) has recently started a Silver adoption process. Both of these collaborations will document their efforts, which will help all of us as we move to adopt Silver.  Members of ACUA, the Association of College and University Auditors, also provided significant comments.  We also wish to thank the review committee for their tireless and careful elucidation of the framework and accompanying profiles.

General information about the Assurance program can be found here:
http://incommon.org/assurance/

Assurance Community Wiki

Baseline Expectations for Trust in Federation

Baseline Expectations links and information

Baseline Expectations Foundational Document

InCommon Community Trust and Assurance Board (CTAB) Minutes Publicly Available

InCommon Community Trust and Assurance Board (CTAB) Minutes are publicly available here

The charter for the InCommon Community Trust and Assurance Board (CTAB) is here

InCommon MFA Interoperability Profile Working Group

The mission of the working group was to develop and document requirements for creating and implementing an interoperability profile to allow the community to leverage MFA provided by an InCommon Identity Provider by allowing SPs to rely on a standard syntax and semantics regarding MFA. See the working group wiki and the Final Work Products.

InCommon Silver with Active Directory Domain Services Cookbook for 1.2 Released

The final version of the InCommon Silver with Active Directory Domain Services Cookbook is available now! For an overview of the important bits, see the May 2014 webinar recording. 

Reading Bronze: Understanding the InCommon Profile (recordings available)

InCommon sponsored a community reading of the Bronze InCommon Assurance Profile to aid in the understanding and intent of the requirements. There were four calls during Dec. 2013 and Jan. 2014.  The calls have now concluded. Thanks to all who participated for the excellent comments and questions.

Recordings are available at this link.

Assurance Program

Specification Documents

• Identity Assurance Assessment Framework; Version 1.2 Feb 2013 [PDF]
• Identity Assurance Profiles; Version 1.2 Feb 2013 [PDF]
• Alternative Means; Multi-factor Authentication for Silver certification
• DIFFS with 1.1: Framework and Profiles
• Deprecated Versions

Alternative Means

• Alternative Means History

Community Resources

Toolkits

• Auditor

Technical InterOp

• Assurance Technical Implementation Considerations - Draft Guidance for IdPs and SPs.
• See Implementation Examples
• Bronze and Silver AuthnContext Schema

Community Contributions

• AD and Silver Cookbook, Multi-factor Considerations, and  case studies.
• Assurance Implementation Example from Virginia Tech 
• Harvard University Executive Summary of achieving Bronze Certification, Bronze Self-Certification Document, and Enhancing the Harvard Authentication System to Support InCommon Bronze
         
• Add your Approach to Supporting the Federal Privacy Requirements
• more community contributions

Webinars and Presentations

• Introducing CTAB (recording and slides) - Dec. 6, 2017

• Refocusing Community Guidance of InCommon's Trust Programs: Baseline and Bronze (recording and slides) - Oct 4, 2017

• IAM Online Webinar on Baseline Expectations Implementation and Maintenance (recording and slides) - July 19, 2017

• Baseline Expectations Implementation - June 7, 2017

• NIST 800-63 / Digital Identity Guidelines - March 1, 2017

• REFEDs Assurance Working Groups, Jan 4, 2017 - slides and Adobe Connect here

• Baseline Expectations and their Implementation, Oct 5, 2016 (Slides) and (AdobeConnect)

• Baseline Expectations – Last Call for Comments, Aug. 3, 2016 (link to slides and recording)
• Baseline Expectations for Trust in Federation, July 6, 2016 (link to slides and recording)
• Sirtfi for Security Incidents in a Federated Context, May 4, 2016 (link to slides and recording)

• Multifactor Authentication Interop Profile Working Group Update, April, 6, 2016 (link to slides and recording)

• Developments in Assurance: Insights from Across the Pond, Feb. 3, 2016 (link to slides and recording)

• Assurance Survey Results and Baseline Standards to replace the POP, at Nov. 2015 Assurance call (link to slides and recording)
   
• Duo with Shibboleth v3, from U. Chicago and Unicon, at Sept 2015 Assurance call (link to slides and recording)
• Flexible Vetting: using a point system to verify identity, at May 2015 Assurance call. (link to slides and recording)
• Password Reset practices, at April 2015 Assurance call.  (link to slides and recording)
• InCommon Bronze Approaches from GW and Harvard, recorded March 4, 2015. See recorded Webinar. See slides (PDF).
• InCommon Bronze and Security, IAM Online with two Bronze case studies (Todd Haddaway, UMBC and Sharon Welna, University of Nebraska Medical Center), (webinar recorded October 15, 2014  and slide deck)
• Successful Security Practices: Counting Failed Login Attempts, PDF slide Deck, Webinar recorded Sept. 3, 2014
• Better Practices Build Better Systems: Identity Assurance, recorded presentation by Ann West, Internet2, and Ron Thielen, U. Chicago, at EDUCAUSE Security Professionals Conference, May 2014 
• Open for Business: InCommon Identity Assurance Program (PDF Silde Deck. Webinar recorded February 29, 2012)
• Grab the Bronze and Silver Ring: Identity Assurance Progress (PDF Slide Deck. Webinar recorded June 15, 2011)