Good security and identity practices help ensure that an individual using an electronic credential is the person you think it is. For Service Providers in an identity federation, having Identity Provider Operators support a standard practice set (or profile) can mitigate the risk of service compromise. For Identity Providers it is a way to provide single sign-on access to applications requiring an increased level of confidence in a credential.
Congratulations to Virginia Tech for becoming the first to achieve both Bronze and Silver.
Available Profiles
Bronze, comparable to NIST Level of Assurance 1, has a security level that slightly exceeds the confidence associated with a common Internet identity.
Silver, equivalent to NIST Level of Assurance 2, has a security level appropriate for financial transactions.
Components of the Assurance Program
The InCommon Assurance Program consists of:
Identity Assurance Assessment Framework, providing background on the need for assurance and defines the Identity assurance trust model, including a functional model for Identity Provider Operators and a certification model.
Identity Assurance Profiles, describing sets of identity Provider Operator requirements (Bronze and Silver) for registering individuals, issuing credentials, and managing related identity management information. Profiles can include other aspects of identity, too.
Certification Service, providing a way for those Identity Provider Operators that meet the requirements of an Identity Assurance Profile to be certified by InCommon. This thorough assessment process is described more completely on the Join page.
InCommon Metadata, containing Identity Assurance Qualifiers for InCommon-certified Identity Providers.
Practice and Implementation Outreach, working with the community to grow the compendium of practices and approaches. The Assurance wiki includes much more information, including community contributions.
Program Oversight, provided by the Assurance Advisory Committee, an advisory body to the InCommon Steering Committee. Identity Providers complete a certification process and pay an annual fee (in addition to the existing InCommon participation fee).
Benefits
Increases Confidence; Reduces Risk — Service Providers have increased confidence because standards-based identity practices ensure that their risk requirements are met.
Saves Time When Adding New Customers — Service Providers can rely on community-accepted standards in assessing Identity Provider systems, eliminating the burden of individual campus assessments. This will greatly reduce the time required to add new certified Identity Providers.
Access to Higher-Value Services — Certified identity providers can provide federated access to financial and health-related applications, sensitive research information, and other services that require greater confidence in an identity.
Protects Your Investment — InCommon is an approved Trust Framework Provider under the US Identity, Credential, and Access Management Trust Framework Program. You’re one among many using this program.
