Assurance for Identity Providers
Requirements for Identity Providers
Eligibility — See the steps to join the Assurance Program to determine if you are eligible.
Fees and legal agreement — Identity providers pay an annual fee (over and above the InCommon participation fee) for the Assurance Program. IdPs also sign the assurance addendum [PDF], a legal agreement that supplements the existing InCommon participation agreement.
Operational Requirements — The Identity Assurance Profile (IAP) provides the detailed requirements for your identity management system. This chart (taken from the IAP) gives a nice overview for each profile.
Certification — Identity providers also complete a certification process that includes a summary of an audit of the identity management system.
Ready to join?
See the steps to join the Assurance Program.
See the fees associated with the Assurance Program.
Program Background and Resources
- Identity Assurance Assessment Framework — an overall description of the program in addition to the Profiles cited above.
- InCommon Federation Operating Policies and Practices — information about the Federation and its role in the Certification Program.
- NIST 800-63 Electronic Authentication Guideline (for Federal Agencies) — the comparable Levels of Assurance are 1 (Bronze) and 2 (Silver).
- Community Contributions wiki — community case studies, tools, and implementation advice.
- Email list for webinar announcements, discussions, and call schedules. (Use the link, or send email to sympa@incommon.org with the subject line: subscribe assurance)
- FAQ
- Silver and/or Bronze logos — once certified, you’ll be able to use these logos. They will also appear on your InCommon Participants page.
Certified? Next steps
Implementation requires system and process changes. Detailed information for IdPs (and other information, as well) is available in the FAQ and on the InCommon Assurance wiki.
- Assurance is expressed using SAML2 AuthnContext, not attributes. For information on how to configure your system, see the Assurance Technical Implementation Considerations.
- Once you are certified, InCommon will insert the appropriate Identity Assurance Qualifiers into your metadata so that Service Providers can check your official status.
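The Service Provider side of the two points above, as an added example (not InCommon's code): accept an assurance level only when the assertion's AuthnContext claims it and the issuer's federation metadata carries the matching qualifier. The entity-attribute name, the Bronze/Silver qualifier URIs and the `idp.example.edu` entity are assumptions not taken from this page, and the XML samples are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed identifiers (not given on the page): entity-attribute name and qualifier URIs.
CERT_ATTR = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
BRONZE = "http://id.incommon.org/assurance/bronze"
SILVER = "http://id.incommon.org/assurance/silver"

# Constructed federation metadata: this IdP is certified for Bronze only.
METADATA = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}"
    xmlns:mdattr="{NS['mdattr']}" xmlns:saml="{NS['saml']}">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="{CERT_ATTR}"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>{BRONZE}</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def make_assertion(issuer, class_ref):
    """Build a constructed, unsigned assertion fragment for the demo."""
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Issuer>{issuer}</saml:Issuer>'
            f'<saml:AuthnStatement><saml:AuthnContext><saml:AuthnContextClassRef>{class_ref}'
            '</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion>')

def certified_profiles(metadata_xml, entity_id):
    """Qualifiers the federation operator placed in this entity's metadata."""
    for ent in ET.fromstring(metadata_xml).iter(f"{{{NS['md']}}}EntityDescriptor"):
        if ent.get("entityID") == entity_id:
            attrs = ent.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS)
            return {v.text.strip() for a in attrs if a.get("Name") == CERT_ATTR
                    for v in a.findall("saml:AttributeValue", NS) if v.text}
    return set()

def check_assurance(assertion_xml, metadata_xml, required):
    """Run only after the assertion and metadata signatures have been verified."""
    a = ET.fromstring(assertion_xml)
    issuer = (a.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    asserted = {r.text.strip() for r in a.findall(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS) if r.text}
    if required not in asserted:
        return False, "not asserted in AuthnContext"
    if required not in certified_profiles(metadata_xml, issuer):
        return False, "issuer not certified for this profile in metadata"
    return True, "ok"
```

An IdP that asserts Silver in AuthnContext while its metadata lists only Bronze is rejected by the second check, which is the case the metadata qualifier exists to catch.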