Common device on-boarding tools for personal X.509 certificates.
Windows, MacOS, iOS, and Android are or will be supported.
Focus is to support "standard assurance," i.e., the level of identity proofing and credential issuance already in place at the institution.
InCert can be configured to enforce client configuration requirements for screen savers, administrator credentials, when the credential store must be unlocked with a password, etc.
The question was raised as to whether InCert could be used as part of LoA-3's multi-factor authentication compliance. The primary issue is when LoA-3 would require the certificate store to be unlocked (the second factor), either only at the start of a session or for each use of the certificate. Since InCert can be configured to require either option, LoA-3 compliance is probably possible with InCert.
The InCert project is looking for testers. Send mail to incert-info@internet2.edu if you're interested.