InCommon News from the Spring Member Meeting
Assurance Program Refinement
The InCommon Identity Assurance Program is closer to adoption with the draft version 1.1 of two key documents, which were discussed at the Spring 2011 Spring Internet2 Member Meeting. Members of the InCommon TAC (Technical Advisory Committee) reviewed version 1.1 of both the Identity Assurance Profiles (IAP) and the Identity Assurance Assessment Framework (IAAF).
Final approval of the v1.1 documents by InCommon Steering is pending. The documents, along with a review guide outlining the changes from v1.0, are available at https://spaces.at.internet2.edu/x/4SM.
The original (1.0) versions of these documents were published in 2008, based on an earlier set of US government requirements. In 2009, the US government ICAM program published new requirements, generally compatible but somewhat less rigorous. In 2010, InCommon received feedback from participants attempting to comply with the InCommon documents that indicated some "pain points" and suggestions for improvement.
The v1.1 documents are intended to remove some burdensome outdated requirements and references, harmonize terminology, clarify remaining requirements, and separate technical measures from compliance processes.
The IAP defines the requirements that Identity Provider Operators must meet for Bronze and Silver identity assurance certification, which are intended to be compatible with the U.S. government’s LoA 1 and 2. The IAAF describes the identity assurance trust model that InCommon has adopted, including a functional model for IdPs, a certification model describing how certification is accomplished. It also characterizes the methodology that must be used in performing an assessment of an Identity Provider Operator.