InCommon Assurance Community Wiki
Upcoming Assurance Calls
Wed. March 4, at noon ET:
George Washington University and Harvard University will share their motivations and experiences in achieving Bronze. Among other topics, they will present differing approaches to password reset and to who on their campus is certified as Bronze.
Asif Hafiz, Director, Identity and Access Management, George Washington University
Scott Bradner, University Technology Security Officer, Harvard University
Ann West, Associate Vice President for Trust and Identity, Internet2
To join, please use Adobe Connect:
Wed. April 1 at noon ET:
Eric Goodman, UCOP will lead a discussion on password reset issues.
Guidance for Supporting SHA-2 Signed Assertions
In June 2014, InCommon Steering approved the Alternative Means for Bronze and Silver Requirement to Discontinue SHA-1 Encryption for SAML Assertions to ease the transition for Identity Provider Operators that have been certified by the InCommon Assurance Program or are wishing to apply for certification by January 15, 2015.
InCommon recently released Migrating to SHA-2 to help certified campuses support SHA-2 signed assertions.
InCommon Silver with Active Directory Domain Services Cookbook for 1.2 Released
The final version of the InCommon Silver with Active Directory Domain Services Cookbook is available now! For an overview of the important bits, see the webinar recording.
Reading Bronze: Understanding the InCommon Profile (recordings available)
InCommon sponsored a community reading of the Bronze InCommon Assurance Profile to aid in the understanding and intent of the requirements. There were four calls during Dec. 2013 and Jan. 2014. The calls have now concluded. Thanks to all who participated for the excellent comments and questions.
- Identity Assurance Assessment Framework; Version 1.2 Feb 2013 [PDF]
- Identity Assurance Profiles; Version 1.2 Feb 2013 [PDF]
- Alternative Means; Multi-factor Authentication for Silver certification
- DIFFS with 1.1: Framework and Profiles
- Deprecated Versions
Project Status: Shibboleth Identity Provider Enhancements (Multi-Context Broker)
The MCB v1.0 for development of Assurance Enhancements for the Shibboleth Identity Provider has been completed and is available now for use. For more information and a project status, see Shibboleth Enhancements - Project Status.
See news on the Multi Context Broker.
See slides from IAM Online on the Multi-Context Broker (April 30, 2014)
- Assurance Technical Implementation Considerations - Draft Guidance for IdPs and SPs.
- See Implementation Examples
- Bronze and Silver AuthnContext Schema
- Check out the AD and Silver Cookbook, Multi-factor Considerations, and case studies.
- Assurance Implementation Example from Virginia Tech
- Harvard University Executive Summary of achieving Bronze Certification and Bronze Self-Certification Document
- Add your Approach to Supporting the Federal Privacy Requirements
- more community contributions
Webinars and Presentations
- InCommon Bronze and Security, IAM Online with two case studies of achieving Bronze (Todd Haddaway of UMBC and Sharon Welna from the University of Nebraska Medical Center), recorded October 15, 2014 (slide deck also available)
- Successful Security Practices: Counting Failed Login Attempts, PDF slide Deck, Webinar recorded Sept. 3, 2014
- Better Practices Build Better Systems: Identity Assurance, recorded presentation by Ann West, Internet2, and Ron Thielen, U. Chicago, at EDUCAUSE Security Professionals Conference, May 2014
- Open for Business: InCommon Identity Assurance Program (PDF Silde Deck. Webinar recorded February 29, 2012)
- Grab the Bronze and Silver Ring: Identity Assurance Progress (PDF Slide Deck. Webinar recorded June 15, 2011)
InCommon Assurance News
Confluence Syndication Feed