Virginia Tech First To Reach Certified Online Trust Standards
Virginia Tech is the first university in the country to become a certified provider of greater assurance to online resource providers — federal agencies, universities, nonprofit organizations, and private companies alike — of the identity of those seeking access to financial and other sensitive information.
The university has qualified for Internet2’s InCommon Bronze and Silver Identity Assurance program. Internet2, a nonprofit higher education consortium, administers the certification program as part of its mission to provide secure and privacy-preserving trust services for its participants. Internet2 operates the InCommon identity federation, which allows individuals to use one user ID and password (also called credentials) to access protected online resources — both internal and external to their home institution.
Internet2’s InCommon Assurance Program allows campuses to certify that, for those using more-sensitive services, there is a stronger process for issuing credentials and granting access. There are two levels of this process — called Bronze and Silver. Bronze, comparable to the National Institute of Standards and Technology Assurance 1 level, has security that slightly exceeds the confidence associated with a common Internet identity. Silver, comparable to NIST’s level of Assurance 2, has security appropriate for financial transactions. Resources likely to become among the first to require Silver include those providing online grant administration or financial aid administration.
“Meeting the standards of the InCommon Identity Assurance program enhances security by helping to ensure that access to a resource is granted to, and only to, the intended individual,” said Mary Dunker, director of Secure Information Technology Initiatives at Virginia Tech. “In addition to enabling authorized Virginia Tech users to access applications that require InCommon Silver credentials, achieving this certification further strengthened the university’s identity management processes and technology infrastructure. Now we have a greater trust in the identities of those individuals who use InCommon Silver and Bronze credentials for internal university applications.”
“I applaud Virginia Tech for their pioneering effort,” said Jack Suess, chair of the InCommon Steering Committee and vice president and chief information officer at the University of Maryland Baltimore County. “They have not only become the first to meet these more-stringent standards, but have also helped us to refine the certification process. Given that some federal agencies plan to require InCommon Silver for certain applications, this will become more and more important for research universities and organizations.”
About Internet2 and InCommon
Internet2 is a member-owned advanced technology community founded by the nation's leading higher education institutions in 1996. Internet2 provides a collaborative environment for U.S. research and education organizations to solve common technology challenges, and to develop innovative solutions in support of their educational, research, and community service missions. For more information, visit www.internet2.edu.
InCommon, operated by Internet2, serves the U.S. education and research communities, supporting a common framework of trust services, including the U.S. identity management trust federation for research and education, a community-driven Certificate Service, and a multifactor authentication program. The InCommon Federation enables scalable, trusted collaborations among its community of participants. The Certificate Service offers unlimited certificates to the U.S. higher education community for one fixed annual fee. InCommon has more than 450 participants serving 6 million faculty, students, and staff at higher education institutions and research organizations, as well as their sponsored partners. For more information, see www.incommon.org.
For media assistance, contact email@example.com or 734-352-7007.