InCommon is operated by Internet2


About            Participants            Join InCommon


Becoming Certified

Community Trust and Assurance Board

Program Components


Assurance for Identity Providers

Assurance for Service Providers

Assurance Glossary

Federation Home Page

Assurance for Identity Providers

Information for Identity Providers

InCommon Assurance ProgramEligibility — See the steps to join the Assurance Program to determine if you are eligible.

Operational Requirements — The Identity Assurance Profile (IAP) [PDF] provides the detailed requirement for your identity management system. This chart (taken from the IAP) gives a nice overview for each profile.

Certification For Bronze, certification can be accomplished by simply signing the Assurance Addendum (legal agreement). For Silver, identity providers complete a certification process that includes an audit of the identity management system.

Program Background
and Resources

Identity Assurance Assessment Framework [PDF]

Identity Assurance Profiles (Bronze and Silver) [PDF]

Approved Alternative Means

InCommon Federation Operating Policies and Practices [PDF]

NIST 800-63 [PDF]

List of Certified Identity Providers

Community Contributions wiki

Subscribe to the Assurance email list


Silver and Bronze logos

Audit — If you are applying to be Silver certified, you will need an audit of your infrastructure. You will find an auditor toolkit on the Assurance community wiki.

Legal agreement — IdPs must sign the Assurance Addendum, a legal agreement that supplements the existing InCommon participation agreement.

For more information about preparing your infrastructure for certification, refer to Components of the Assurance Program.

Ready to join?

Join buttonSee the steps to join the Assurance Program.


Certified? Next steps

Once certified, IdPs will need to configure their federation software to support Assurance. Detailed information for IdPs (and other information, as well) is available in the FAQ and on the InCommon Assurance wiki.

  • Assurance is expressed using SAML2 AuthnContext, not attributes. For information on how to configure your system, see the Assurance Technical Implementation Considerations.
  • InCommon is developing a Shibboleth plugin to enable IdP Operators to more easily support Assurance. Review the requirements progress on the Assurance wiki.
  • Once certified, InCommon will insert the appropriate Identity Assurance Qualifiers into your metadata so that Service Providers can check your official status.

Copyright 2004-2018 InCommon LLC. All rights reserved. InCommon is operated by Internet2.