Subject: Updated InCommon Identity Assurance Documents Available for Public Review
The candidate releases of updated versions of two foundational documents of the InCommon Identity Assurance program, the InCommon Identity Assurance Assessment Framework (IAAF) and the InCommon Identity Assurance Profiles (IAP), are now available for community comment. These public review drafts of v1.2 are open for comment now through 5pm ET May 7th 2012. An overview and details on submitting comments follow. The InCommon community is encouraged to give feedback.
What are These Documents?
The Identity Assurance Assessment Framework (IAAF) provides the background on the Program and defines the identity assurance trust model, including a functional model for Identity Provider Operators, and a certification model. The Identity Assurance Profiles (IAP) describe sets of Identity Provider Operator requirements (currently Bronze and Silver) for registering individuals, issuing credentials, and managing related identity management information.
The Need for Update
Simplifying Bronze for Rapid Deployment - US government ICAM program that reviews and approves trust frameworks for use with federal services is interested in promoting Bronze certification as a baseline for IdPs to authenticate to US government web sites.This means that Identity Providers federating with NIH or NSF should be making concrete plans to support Bronze in the next 6 to 9 months.
To that end, FICAM asked us to review the Bronze profile and consider where we could reduce our requirements and still adhere to their specification. The changes in v1.2 primarily address this need for rapid ubiquitous deployment, and we are interested in hearing your thoughts about: 1) the specific changes, and 2) whether the new Bronze will enable you to implement this profile more quickly and what that timeframe would be. Most notably, Identity Provider Operators now have an option to sign a Representation of Conformance in lieu of doing a specific Bronze audit.
Clarifying Audit Reporting - InCommon has updated section 4.2 of the IAAF to reflect specific guidance on the type of audit report to submit with your application for Silver certification. This new language clarifies requirements. The revised Introduction includes a process for adopting new versions of the Assurance specification documents.
How to Comment on the v1.2 Public Review Drafts
The review committee welcomes feedback on the drafts until 5pm ET May 7th. All submitted feedback will be considered, and the final release of v1.2 is targeted for mid-June.
The draft IAAF, IAP and Representation of Conformance (required in lieu of Bronze Audit) are available in PDF format.
We invite you to send your comments to assurance@incommon.org. Please include a document line number prefacing each comment.
The community wishes to thank the schools that have been working on these updates – the Committee for Institutional Cooperation (CIC)'s Silver Audit team, which includes the Big Ten plus the University of Chicago, along with the University of Washington and Virginia Tech. The University of California schools have also been engaged in providing audit feedback. We also wish to thank the review committee for updates to the framework and accompanying profiles, and the auditor representatives on the Assurance Advisory Committee for providing guidance for their peers.
General information about the Assurance program can be found at assurance.incommon.org.
Sincerely,
Mary Dunker, Chair
Assurance Advisory Committee
Jack Suess, Chair
InCommon Steering Committee