Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security

InCommon Silver FAQ

This article provides answers to frequently asked questions about the InCommon Silver program.

What is InCommon?

What is InCommon Silver?

Is there an InCommon Gold or Platinum or Bronze or Copper etc.?

Why is InCommon Silver important to the University?

Do I need InCommon Silver?

What is identity assurance or an identity assertion?

How do I get InCommon Silver for myself?

Why do I have to provide a non-University email address or phone number during the identity verification process?

Why do I have to change my password/passphrase?

What are our password/passphrase requirements for InCommon Silver?

Why can't I have someone take care of this identity verification step for me?

How do I check to see if I have completed all the steps to become InCommon Silver certified?

Who do I contact if I have more questions about InCommon Silver?


What is InCommon?

InCommon is a federation of U.S. education and research communities, supporting a common framework for trustworthy shared management of access to online resources. Through InCommon, Identity Providers can give their users single sign-on convenience and privacy protection, while online Service Providers control access to their protected resources. The University of Chicago is a member of InCommon.

What is InCommon Silver?

InCommon Silver is an identity assurance framework which establishes standards by which service providers can have a certain level of assurance that identity providers who make assertions regarding individuals' identities have reasonable processes and technical controls in place to insure that the individuals are indeed the people whom they say they are. Silver is meant to map to the US Federal level of assurance (LOA) 2 as defined by the Federal Identity, Credential, and Access Management (FICAM) Guidance. c.f. IDManagement.gov

Is there an InCommon Gold or Platinum or Bronze or Copper etc.?

The federal government has defined four levels of assurance; however, InCommon currently only plans to support levels 1 and 2, or Bronze and Silver within InCommon. The University is focused on supporting Silver at this time, because it is most likely to be of value to community members. By supporting Silver, we will be capable of supporting Bronze as well.

Why is InCommon Silver important to the University?

A growing number of organizations have indicated that they intend to require Silver assertions in order for people to be able to utilize some of their services. These include federal organizations such as the National Institutes of Health (NIH), private organizations such as the National Student Clearinghouse, and research services such as the Teragrid and Open Sciences Grid.

Do I need InCommon Silver?

You may need the University to be able to make InCommon Silver identity assertions on your behalf if you need to work with an external organization that requires these, such as those named above. At this time, we have not implemented any internal services that require InCommon Silver assertions, but may at a later date.

What is identity assurance or an identity assertion?

When I (Identity Provider) assert to a third party (Relying Party or Service Provider) that you (subject) are who I say you are, that third party can trust that I have appropriate policies and practices in place (Identity Verification Process or Proofing) to insure that I knew with reasonable certainty who you were when your identity was created (Registration) and I issued you the credentials. Further, that I have sufficient policies, practices, and technologies in place that the relying party can be reasonably sure that the credentials have not been compromised.

How do I get InCommon Silver for myself?

Your existing University credentials (CNetID and password/passphrase) are what you will use to access services requiring InCommon Silver. However, in order to have your credentials enabled for Silver you will have to go through an additional "in person" identity proofing process. The steps to do this are:

  1. Provide the IPO with a non-University email address or a cell phone number at which you can receive SMS text messages. You can do this any time at the CNet website.
  2. Go to the Identification and Privileges Office (IPO) in Regenstein Library for the "in-person" proofing.
  3. Bring a government issued photo ID.
  4. Finally, you should be prepared to change your password/passphrase in order to become enabled for Silver.

Why do I have to provide a non-University email address or phone number during the identity verification process?

In the event that either we or you suspect that your CNetID and password/passphrase have been compromised, we will need a means of communication that is not dependent on CNetID and password/passphrase. If we used your University email address and your password/passphrase was stolen, the communications might be intercepted. We also need an "Address of Record" for you in order to enable you for InCommon Silver. Your email address or cell phone can serve both purposes.

This means that if you need to change your password/passphrase, an authorization code will be sent to your Address of Record. You will then be required to enter the authorization code for the password/passphrase change to be effective.

Why do I have to change my password/passphrase?

Since we are relying on CNetIDs and passwords/passphrases for InCommon Silver, we have to be certain at the time you're enabled for Silver that your password/passphrase has not been compromised. An additional requirement is that passwords/passphrases have to be changed on a regular basis to reduce the likelihood of someone "hacking" your password/passphrase. People with InCommon Silver enabled credentials will have to change their passwords/passphrases at least annually.

What are our password/passphrase requirements for InCommon Silver?

As noted above, InCommon Silver has specific requirements for passwords/passphrases intended to reduce the risk of their being compromised by hackers. In addition to changing your password annually, your password must be at least twelve (12) characters in length, contain characters from at least three of the categories below, and must not be based on a dictionary word or a simple pattern such as ABCdefG. Your password must also not match any password you have previously used.

 Password Requirements  Examples
 Uppercase Letters  ABCDEFGHIJKLMNOPQRSTUVWXYZ
 Lowercase Letters  abcdefghijklmnopqrstuvwxyz
 Numerals  0123456789
 Symbols  !@#$%&*() -+= _|\ [] {} <> ,.:;

The CNetID passphrase is an alternative to the CNetID password and functions identically to a CNetID password by authenticating you for all the common services you are eligible to use based on your affiliation with the University. Passphrases are simple sentences that use length instead of complexity to make them secure. Passphrases at the University of Chicago must be at least nineteen (19) characters in length, which can include punctuation and spaces. Passphrases should never include well-known or famous lines/lyrics, etc.

For more on passphrases, and for tips on selecting good passwords and passphrases, see the article "Choosing Good Passwords and Passphrases and Keeping Them Secure."

Why can't I have someone take care of this identity verification step for me?

Since the purpose of gradated levels of assurance for identities is to implement increasingly stronger verification and surety regarding individuals' identities, asking someone else to go through the identity verification process in your place would be counter to the goal of the effort. In the future, we may implement processes to enable remote verification for university community members who cannot come to the Hyde Park campus, but this is not currently possible.

How do I check to see if I have completed all the steps to become InCommon Silver certified?

Go to the whoami website and click on the Silver Assurance tab on the top right of the page; this will show you a check list of all the required steps to assert InCommon silver and your status for each step. Once you have completed all the steps, all check boxes will be green and you will see a round silver stamp next to your name.

Who do I contact if I have more questions about InCommon Silver?

Contact the IT Services Service Desk.




Keywords:accreditation loa ficam   Doc ID:28516
Owner:Astrid F.Group:University of Chicago
Created:2013-02-06 15:24 CSTUpdated:2016-05-11 09:29 CST
Sites:University of Chicago, University of Chicago - Sandbox
Feedback:  3   1