InCommon has published candidate versions 1.2 of the Identity Assurance Assessment Framework and Identity Assurance Profiles documents as well as an example of the new Representation of Conformance document. On this page we present our general approach, describe the major changes in these documents from the 1.1 versions, and suggest sections that are especially important for review.

Overall approach

The revision team had these objectives:

  1. Simplify the Bronze profile (equivalent to NIST LoA 1) to address the US government FICAM program's interest in promoting Bronze certification as a baseline for IdPs to authenticate to US government web sites.
  2. Respond to feedback from early-adopter campuses regarding confusing audit requirements and provide further guidance on what's required for certification.
  3. Update the documents to include missing items that were identified in developing the Assurance Legal Addendum.

Identity Assurance Assessment Framework (IAAF) changes

Identity Assurance Profiles (IAP) changes

Representation of Conformance (Example)

This document serves as an example of the final agreement that IdPOs would need to sign, in addition to the Assurance Addendum, to attest to conformance to the Bronze profile in lieu of a formal audit.