April 12, 2021
In just one month about one-quarter of InCommon organizations have already met the second set of the InCommon Federation Baseline Expectations for Trust in Federation. These requirements will improve both trust and interoperability by ensuring that all organizations meet certain standards.
As of April 9, 23% of all InCommon organizations adhere to the new expectations, up from just 8% when the program was released. The requirements include:
- Securing all endpoints (e.g. URLs) with HTTPS and associated security protocols
- Adopting the standardized incident response framework SIRTFI (Security Incident Response Trust Framework for Federated Identity)
- For identity providers, including an error URL in their InCommon listing, providing users with appropriate information to resolve issues (50% of identity providers have already met this expectation)
This is the second round of Baseline Expectations, a project led by the InCommon Community Trust and Assurance Board (CTAB). The expectations have gone through an extensive community vetting process, including webinars, communications, and a community consensus period.
CTAB will hold an open office hour on Tuesday, April 20, to answer questions about meeting the expectations (1 pm ET, Noon CT, 11 am MT, 10 am PT) (Zoom link).
The InCommon wiki includes more details about the expectations, as well as a progress graph updated each business day.I