InCommon Assurance Program

What is the Assurance Program?

InCommon Assurance Program Good security and identity practices help ensure that an individual using an electronic credential is the person you think it is. For Service Providers in an identity federation, having Identity Provider Operators support a standard practice set (or profile) can mitigate the risk of service compromise. For Identity Providers it is a way to provide single sign-on access to applications requiring an increased level of confidence in a credential.

Components of the Assurance Program

The InCommon Assurance Program consists of:

Identity Assurance Assessment Framework, providing background on the need for assurance and defines the Identity assurance trust model, including a functional model for Identity Provider Operators and a certification model.
Identity Assurance Profiles, describing sets of identity Provider Operator requirements (Bronze and Silver) for registering individuals, issuing credentials, and managing related identity management information. Profiles can include other aspects of identity, too.
Certification Service, providing a way for those Identity Provider Operators that meet the requirements of an Identity Assurance Profile to be certified by InCommon. This thorough assessment process is described more completely on the Join page.
InCommon Metadata, containing Identity Assurance Qualifiers for InCommon-certified Identity Providers.
Practice and Implementation Outreach, working with the community to grow the compendium of practices and approaches. The Assurance wiki includes much more information, including community contributions.
Program Oversight, provided by the Assurance Advisory Committee, an advisory body to the InCommon Steering Committee. Identity Providers complete a certification process and pay an annual fee (in addition to the existing InCommon participation fee).

Benefits

Increases Confidence; Reduces Risk — Service Providers have increased confidence because standards-based identity practices ensure that their risk requirements are met.

Saves Time When Adding New Customers — Service Providers can rely on community-accepted standards in assessing Identity Provider systems, eliminating the burden of individual campus assessments. This will greatly reduce the time required to add new certified Identity Providers.

Access to Higher-Value Services — Certified identity providers can provide federated access to financial and health-related applications, sensitive research information, and other services that require greater confidence in an identity.

Protects Your Investment — InCommon has been provisionally approved as a Trust Framework Provider under the the US Identity, Credential, and Access Management Trust Framework Program. You’re one among many using this program.

Service Providers Requesting Silver Qualifiers

Current Service Providers intending to request Silver qualifiers include:

CILogon
LIGO
National Student Clearinghouse.

Available Profiles

	Bronze, comparable to NIST Level of Assurance 1, has a security level that slightly exceeds the confidence associated with a common Internet identity.
	Silver, equivalent to NIST Level of Assurance 2, has a security level appropriate for financial transactions.

email Subscribe to the assurance discussion list to stay up-to-date as campuses move towards Bronze and Silver.

Assurance Program Webinar
Weds., February 29, 2012 (2 pm ET)

This webinar signals the opening of the InCommon Assurance Program. We'll provide an overview of the program and discuss the certification process. Join via Adobe Connect: internet2.adobeconnect.com/assurance