Presentation is loading. Please wait.

Presentation is loading. Please wait.

InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker.

Published byZachery Saddler Modified over 9 years ago

Similar presentations

Presentation on theme: "InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker."— Presentation transcript:

1 InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker

2 InCommon Assurance Certification What is it? Why would I want it? How do I get it? 2

3 Assurance certification: What is it? Designation by InCommon that an Identity Provider meets criteria for one or more of InCommon Identity Assurance Profiles Bronze and Silver (IAP) Evidence that IdP meets a standard for higher education recognized by federal government Identity Assurance Qualifier added to Identity Provider’s InCommon metadata by InCommon 3

4 Assurance certification: Why would I want it? Improve identity & access management processes Improve security surrounding campus credentials Implement best practices for higher ed Allow access to federated services that require it 4

5 Assurance helps manage risk in cloud. 5

6 Assurance certification: How do I get it? 1.Join the InCommon Federation 2.Support an Identity Provider with SAML/Shibboleth 3.Read Identity Assurance Assessment Framework and Identity Assurance Profiles 4.Evaluate scope Bronze and/or Silver Users Credentials 5.Start a project 6

7 InCommon Assurance Project High level sponsor Scope Definition Audit (Silver) or attestation Gap analysis Management assertions Alternative means? Submission 7

8 Sponsorship Enlist support of friends in high places – Vice President for Information Technology & CIO. Project will span units outside your own. Human Resources and/or Payroll – employee identities Registrar/Provost – student identities ID Card-issuing office IT Security Office Internal (?) Audit 8

9 Define Scope Which users will get Assurance? What assurance level do they need? (Bronze, Silver, both?) What credentials will they use? 9

10 Audit or Attestation? Silver requires audit; auditor’s opinion attesting to Management Assertions. Bronze requires attestation, but audit can be done. “Attester” checks Bronze box on InCommon Operations Data Form and signs Assurance Addendum. Attester = Executive or person who signed InCommon Participant Agreement 10

11 Gap Analysis – IAP Criteria 4.2.1 Business, Policy and Operational Criteria 4.2.2 Registration and Identity Proofing (primarily Silver) 4.2.3 Credential Technology 4.2.4 Credential Issuance and Management 4.2.5 Authentication Process 4.2.6 Identity Information Management 4.2.7 Assertion Content 4.2.8 Technical Environment (Silver only) 11

12 For each subsection… Do we meet the criteria? Yes: What/where is the supporting evidence? Technical Documentation No: What work needs to be done? Technical? Documentation? Policy? Effort: major, moderate, or minor Who will do the work? When will the work be completed? 12

13 Management Assertions 4.2.1.1. InCommon Participant Virginia Tech is an InCommon Participant in good standing. 13

14 Evidence of compliance 4.2.1.1. InCommon Participant On, Virginia Tech received a copy of the completed InCommon Participant Agreement, signed by John Doe of Virginia Tech, and John Krienke, InCommon CEO. Most recent membership payment of $xxxx.00 was made on, with PO xxxxx. Virginia Tech is in compliance with other contractual obligations to InCommon, including posting InCommon Participant Operational Practices.InCommon Participant AgreementInCommon Participant Operational Practices 14

15 Alternative Means Equivalent or stronger methods to satisfy criteria in the IAP. Multi-factor Active Directory Your alternative means here… 15

16 Alternative Means submission Prior to applying for certification At the time of application Community contribution See http://www.incommonfederation.org/assurance/ alternativemeans.html http://www.incommonfederation.org/assurance/ alternativemeans.html 16

17 Audit Report Date Auditor identification and qualifications Outline of audit methodology Statement of whether the IdPO conforms with all requirements of each IAP (Bronze, Silver.) See IAAF Section 4.2 17

18 Application Packet Bronze: Assurance Addendum Silver: Audit summary Assurance addendum (must also apply for Bronze) Alternative means if applicable Approval process takes approximately one month. 18

19 Resources The program http://www.incommonfederation.org/assuranc e/ http://www.incommonfederation.org/assuranc e/ The Assessment Framework (IAAF) http://www.incommon.org/docs/assurance/IA AF.pdf http://www.incommon.org/docs/assurance/IA AF.pdf Identity Assurance Profiles (IAP) http://www.incommon.org/docs/assurance/IA P.pdf http://www.incommon.org/docs/assurance/IA P.pdf 19

20 Resources, continued… Gap Analysis Templates https://spaces.internet2.edu/display/InCAssur ance/Gap+Analysis+Templates https://spaces.internet2.edu/display/InCAssur ance/Gap+Analysis+Templates Generalized Management Assertions https://spaces.internet2.edu/display/InCAssur ance/Generalized+Management+Assertions https://spaces.internet2.edu/display/InCAssur ance/Generalized+Management+Assertions Alternative Means http://www.incommonfederation.org/assuranc e/alternativemeans.html http://www.incommonfederation.org/assuranc e/alternativemeans.html 20

21 Resources, continued… Submission – See FAQ http://www.incommonfederation.org/assuranc e/faq.html http://www.incommonfederation.org/assuranc e/faq.html Audit requirements -- See IAAF section 4.2 Assurance Addendum and US FICAM Privacy Assurance Criteria http://www.incommonfederation.org/docs/ass urance/Assurance_Addendum.pdf http://www.incommonfederation.org/docs/ass urance/Assurance_Addendum.pdf 21

22 Resources, continued… Virginia Tech Assurance Implementation Example https://spaces.internet2.edu/display/InCAssur ance/Assurance+Implementation+Example+- +Virginia+Tech https://spaces.internet2.edu/display/InCAssur ance/Assurance+Implementation+Example+- +Virginia+Tech CAS integration https://wiki.jasig.org/display/CASUM/Shibboleth -CAS+Integration dunker@vt.edu 22

Download ppt "InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker."

Similar presentations

June 27, 2005 Preparing your Implementation Plan.

June 27, 2005 Preparing your Implementation Plan.
PhoenixPro Procurement. technology. contracts. projects.

PhoenixPro Procurement. technology. contracts. projects.
Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.

Appropriate Access InCommon Identity Assurance Profiles David L. Wasley Campus Architecture and Middleware Planning workshop February 2008.
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager,

Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager,
Going for the Silver Winter 2010 CSG January 13, 2010.

Going for the Silver Winter 2010 CSG January 13, 2010.
Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker

Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker
Electronic Submission of Medical Documentation (esMD) for Medicare FFS Presentation to HITSC Provenance Workgroup January 16, 2015.

Electronic Submission of Medical Documentation (esMD) for Medicare FFS Presentation to HITSC Provenance Workgroup January 16, 2015.
Getting to Silver: Practical Matters for CIC Universities Tom Barton University of Chicago © 2009 The University of Chicago.

Getting to Silver: Practical Matters for CIC Universities Tom Barton University of Chicago © 2009 The University of Chicago.
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
Enterprise Architecture 2014 EAAF as a vehicle for LoA Using EAAF processes to incrementally approach InCommon/UCTrust certification.

Enterprise Architecture 2014 EAAF as a vehicle for LoA Using EAAF processes to incrementally approach InCommon/UCTrust certification.
EDUCAUSE Best Practices Build Better Systems Ann West, InCommon Dedra Chamberlin, UC Berkeley.

EDUCAUSE Best Practices Build Better Systems Ann West, InCommon Dedra Chamberlin, UC Berkeley.
Sarbanes-Oxley Act. 2 What Is It? Act passed by Congress in response to the recent and continuing corporate scandals. Signed into law July 30, 2002. Established.

Sarbanes-Oxley Act. 2 What Is It? Act passed by Congress in response to the recent and continuing corporate scandals. Signed into law July 30, Established.
Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.

Information Resources and Communications University of California, Office of the President UCTrust David Walker Office of the President University of California.
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 1 - 1 The Demand for Audit and Other Assurance Services Chapter 1.

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Demand for Audit and Other Assurance Services Chapter 1.
PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.

PKI in US Higher Education TAGPMA Meeting, March 2006 Rio De Janeiro, Brazil.
SOX and IT Audit Programs John R. Robles Thursday, May 31, 2007 Tel: 787-647-396.

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:
EMS Auditing Definitions

EMS Auditing Definitions
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
The Demand for Audit and Other Assurance Services Chapter 1.

The Demand for Audit and Other Assurance Services Chapter 1.

Similar presentations

Ads by Google