Presentation is loading. Please wait.

Presentation is loading. Please wait.

InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker.

Similar presentations


Presentation on theme: "InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker."— Presentation transcript:

1 InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker

2 InCommon Assurance Certification What is it? Why would I want it? How do I get it? 2

3 Assurance certification: What is it? Designation by InCommon that an Identity Provider meets criteria for one or more of InCommon Identity Assurance Profiles Bronze and Silver (IAP) Evidence that IdP meets a standard for higher education recognized by federal government Identity Assurance Qualifier added to Identity Provider’s InCommon metadata by InCommon 3

4 Assurance certification: Why would I want it? Improve identity & access management processes Improve security surrounding campus credentials Implement best practices for higher ed Allow access to federated services that require it 4

5 Assurance helps manage risk in cloud. 5

6 Assurance certification: How do I get it? 1.Join the InCommon Federation 2.Support an Identity Provider with SAML/Shibboleth 3.Read Identity Assurance Assessment Framework and Identity Assurance Profiles 4.Evaluate scope Bronze and/or Silver Users Credentials 5.Start a project 6

7 InCommon Assurance Project High level sponsor Scope Definition Audit (Silver) or attestation Gap analysis Management assertions Alternative means? Submission 7

8 Sponsorship Enlist support of friends in high places – Vice President for Information Technology & CIO. Project will span units outside your own. Human Resources and/or Payroll – employee identities Registrar/Provost – student identities ID Card-issuing office IT Security Office Internal (?) Audit 8

9 Define Scope Which users will get Assurance? What assurance level do they need? (Bronze, Silver, both?) What credentials will they use? 9

10 Audit or Attestation? Silver requires audit; auditor’s opinion attesting to Management Assertions. Bronze requires attestation, but audit can be done. “Attester” checks Bronze box on InCommon Operations Data Form and signs Assurance Addendum. Attester = Executive or person who signed InCommon Participant Agreement 10

11 Gap Analysis – IAP Criteria Business, Policy and Operational Criteria Registration and Identity Proofing (primarily Silver) Credential Technology Credential Issuance and Management Authentication Process Identity Information Management Assertion Content Technical Environment (Silver only) 11

12 For each subsection… Do we meet the criteria? Yes: What/where is the supporting evidence? Technical Documentation No: What work needs to be done? Technical? Documentation? Policy? Effort: major, moderate, or minor Who will do the work? When will the work be completed? 12

13 Management Assertions InCommon Participant Virginia Tech is an InCommon Participant in good standing. 13

14 Evidence of compliance InCommon Participant On, Virginia Tech received a copy of the completed InCommon Participant Agreement, signed by John Doe of Virginia Tech, and John Krienke, InCommon CEO. Most recent membership payment of $xxxx.00 was made on, with PO xxxxx. Virginia Tech is in compliance with other contractual obligations to InCommon, including posting InCommon Participant Operational Practices.InCommon Participant AgreementInCommon Participant Operational Practices 14

15 Alternative Means Equivalent or stronger methods to satisfy criteria in the IAP. Multi-factor Active Directory Your alternative means here… 15

16 Alternative Means submission Prior to applying for certification At the time of application Community contribution See alternativemeans.html alternativemeans.html 16

17 Audit Report Date Auditor identification and qualifications Outline of audit methodology Statement of whether the IdPO conforms with all requirements of each IAP (Bronze, Silver.) See IAAF Section

18 Application Packet Bronze: Assurance Addendum Silver: Audit summary Assurance addendum (must also apply for Bronze) Alternative means if applicable Approval process takes approximately one month. 18

19 Resources The program e/ e/ The Assessment Framework (IAAF) AF.pdf AF.pdf Identity Assurance Profiles (IAP) P.pdf P.pdf 19

20 Resources, continued… Gap Analysis Templates https://spaces.internet2.edu/display/InCAssur ance/Gap+Analysis+Templates https://spaces.internet2.edu/display/InCAssur ance/Gap+Analysis+Templates Generalized Management Assertions https://spaces.internet2.edu/display/InCAssur ance/Generalized+Management+Assertions https://spaces.internet2.edu/display/InCAssur ance/Generalized+Management+Assertions Alternative Means e/alternativemeans.html e/alternativemeans.html 20

21 Resources, continued… Submission – See FAQ e/faq.html e/faq.html Audit requirements -- See IAAF section 4.2 Assurance Addendum and US FICAM Privacy Assurance Criteria urance/Assurance_Addendum.pdf urance/Assurance_Addendum.pdf 21

22 Resources, continued… Virginia Tech Assurance Implementation Example https://spaces.internet2.edu/display/InCAssur ance/Assurance+Implementation+Example+- +Virginia+Tech https://spaces.internet2.edu/display/InCAssur ance/Assurance+Implementation+Example+- +Virginia+Tech CAS integration https://wiki.jasig.org/display/CASUM/Shibboleth -CAS+Integration 22


Download ppt "InCommon Assurance Certification VA-SCAN October 3, 2013 Mary Dunker."

Similar presentations


Ads by Google