InCommon Assurance Program
The InCommon Assurance Program is based on the tenet that good security and identity practices help ensure that an individual using an electronic credential is the person you think he or she is. For Service Providers in an identity federation, having Identity Provider Operators support a standard practice set (or profile) can mitigate the risk of service compromise. For Identity Providers it is a way to provide single sign-on access to applications requiring an increased level of confidence in a credential.
InCommon has two available profiles, Bronze and Silver, both approved by the US government's Identity Credential and Access Management program. The profiles are written by higher education for higher education, and are compatible with the US government's NIST Levels of Assurance 1 and 2.
The Community Trust and Assurance Board or CTAB (known as the AAC prior to 2018) is leading the community in developing a program of Baseline Expectations for Trust in Federation.
For complete information, see https://www.incommon.org/assurance/ .
Benefits of Assurance
- Increases Confidence; Reduces Risk — Service Providers, whether on- or off-campus, have increased confidence because standards-based identity practices ensure that their risk requirements are met.
- Getting Past Passwords — While many security experts deem passwords a thing of the past, we will continue to support them, even as we move to more secure methods. The Assurance profiles provide expert community guidance on managing your password-based infrastructures. Certification sends a message that you use a community standard that’s been approved by the U.S. government.
- It’s not NIST 800-63. It’s Higher Ed’s Version — InCommon’s profiles are written by higher education for higher education and account for the unique needs and broad diversity of our campuses. The profiles are also comparable to level of assurance 1 and 2 described in the NIST 800-63 Electronic Authentication Guideline [PDF], meaning they meet the U.S. government's standards, as well.
- Saves Time When Adding New Customers — Service Providers can rely on community-accepted standards in assessing Identity Provider systems, eliminating the burden of individual campus assessments. This will greatly reduce the time required to add new certified Identity Providers.
- Access to Higher-Value Services — Certified Identity Providers can provide federated access to financial and health-related applications, sensitive research information, and other services that require greater confidence in an identity.
- Protects Your Investment — InCommon is an approved Trust Framework Provider under the U.S. Identity, Credential, and Access Management Trust Framework Program. You’re one among many using this program.
For complete details, see assurance.incommon.org.
There is no cost for an Identity Provider (IdP) or Service Provider (SP) to participate in the InCommon Assurance Program.
To view the InCommon Assurance FAQs please see https://www.incommon.org/assurance/faq.html
The InCommon Assurance Program is open to Identity Provider Operators from these types of organizations:
- Higher Education
- Research Organizations
- Not-for-profit Sponsored Partners (except those that offer consumer-oriented identity services)
Please email email@example.com if you have questions or need help determining eligibility.