Harvard University has become certified for the InCommon Bronze Identity Assurance Profile under the InCommon Assurance Program. The Assurance Program allows Identity Providers to demonstrate security and trust through the use of standards-based identity practices.
Harvard used the representation of conformance method for qualifying for Bronze certification. This simplified approach requires no audit; the identity provider attests to compliance by signing the assurance addendum to the InCommon participation agreement.
“InCommon participation and certification addresses several of our key tenets – simplifying the user experience, enabling research and collaboration, and protecting university resources,” said Scott Badner, senior technology consultant at Harvard. “This makes good on our vision goals of providing secure, easy access to applications via solutions requiring fewer login credentials, enabling collaboration across and beyond Harvard.”
InCommon developed the assurance program as part of its mission to provide secure and privacy-preserving trust services for its participants. Enabling higher-value, higher-risk services requires increased trust by the organizations that run the identity and cloud services.
InCommon currently has two identity assurance profiles that have been approved by the U.S. government: InCommon Bronze and Silver. Bronze, comparable to the National Institute of Standards and Technology (NIST) Assurance 1 level, has credential security associated with basic Internet interactions. Silver, comparable to NIST’s level of Assurance 2, requires proof of identity and has security appropriate for higher-risk transactions.
More information about the assurance program is at assurance.incommon.org.