In the interest of transparency with our community, InCommon publishes incident reports related to security incidents, security events (which do not rise to the level of an incident), and other non-security incident reports.
InCommon’s Computer Security Incident Response Team (CSIRT) is a group of identified individuals working at Internet2 and in the community, assigned specific roles, and chartered to respond to security incidents related to InCommon’s trust, identity and security-related services so that they may be relied upon by InCommon participants for mission-critical and security-sensitive operations on an ongoing basis. This page provides information about the policy governing the CSIRT, as well as reports of past security incidents.
2017-08-02-01 (InCommon Federation Manager delegated admin unauthorized access)
2016-11-17-01 (InCommon IdPs release duplicate persistent nameID to ORCID SP)
2018-06-27-01 (InCommon Federation Manager upgrade-related service outage incident summary)