InCommon is operated by Internet2

Assurance Criteria - Quick Look

This table summarizes all of the identity assurance criteria defined for Bronze and Silver IAPs. Cells that are shaded and contain “n/a” do not apply to the indicated profile.

Functional Area

Criteria

Bronze

Silver

4.2.1 Business, Policy and Operational Criteria

.1  InCommon Participant

.2  Notification to InCommon

.3  Continuing Compliance

.4  IdPO Risk Management

4.2.2 Registration and Identity Proofing

.1  RA authentication

n/a

.2  Identity Verification Process

n/a

.3  Registration Records

n/a

.4  Identity Proofing

n/a

.4.1  Existing Relationship

n/a

.4.2  In-person Proofing

n/a

.4.3  Remote Proofing

n/a

.5  Address of Record Confirmation

n/a

.6  Protection of Personally Identifiable Information

4.2.3 Credential Technology

.1  Credential Unique Identifier

.2  Basic Resistance to Guessing Authentication Secret

n/a

.3  Strong Resistance to Guessing Authentication Secret

n/a

.4  Stored Authentication Secrets

n/a

.5  Basic Protection of Authentication Secrets

.6  Strong Protection of Authentication Secrets

n/a

4.2.4 Credential Issuance and Management

.1  Credential Issuance

.2  Credential Revocation or Expiration

.3  Credential Renewal or Re-issuance

.4  Credential Issuance Records Retention

n/a

.5  Resist Token Issuance Tampering Threat

4.2.5 Authentication Process

.1  Resist Replay Attack

.2  Resist Eavesdropper Attack

.3  Secure Communication

.4  Proof of Possession

.5  Resist Session Hijacking Threat

.6  Mitigate Risk of Credential Compromise

4.2.6 Identity Information Management

.1  Identity Record Qualification

4.2.7 Assertion Content

.1  Identity Attributes

.2  Identity Assertion Qualifier

.3  Cryptographic Security

4.2.8 Technical Environment

.1  Software Maintenance

n/a

.2  Network Security

n/a

.3  Physical Security

n/a

.4  Reliable Operations

n/a

Copyright 2004-2017 InCommon LLC. All rights reserved. admin@incommon.org. InCommon is operated by Internet2.