Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security

InCommon Silver FAQ

This article provides answers to frequently asked questions about the InCommon Silver program.

What is InCommon?

What is InCommon Silver?

Is there an InCommon Gold or Platinum or Bronze or Copper etc.?

Why is InCommon Silver important to the University?

Do I need InCommon Silver?

What is identity assurance or an identity assertion?

How do I get InCommon Silver for myself?

Why do I have to provide a non-University email address or phone number during the identity verification process?

Why do I have to change my password/passphrase?

What are our password/passphrase requirements for InCommon Silver?

Why can't I have someone take care of this identity verification step for me?

How do I check to see if I have completed all the steps to become InCommon Silver certified?

Who do I contact if I have more questions about InCommon Silver?


What is InCommon?

InCommon is a federation of U.S. education and research communities, supporting a common framework for trustworthy shared management of access to online resources. Through InCommon, identity providers can give their users single sign-on convenience and privacy protection, while service providers control access to their protected resources. The University of Chicago is a member of InCommon.

What is InCommon Silver?

InCommon Silver is an identity assurance framework which establishes standards by which service providers can have a certain level of assurance that identity providers who make assertions regarding individuals' identities have reasonable processes and technical controls in place to confirm that people are who they say they are. Silver is designed to meet the U.S federal level of assurance (LOA) 2 as defined by the Federal Identity, Credential, and Access Management (FICAM) Guidance.

Is there an InCommon Gold, Platinum, Bronze, or Copper?

The federal government has defined four levels of assurance; however, InCommon currently only plans to support levels 1 and 2, or Bronze and Silver within InCommon. The university is focused on supporting Silver at this time because it is most likely to be of value to community members. By supporting Silver, we will be capable of supporting Bronze as well.

Why is InCommon Silver important to the university?

A growing number of organizations have indicated that they intend to require Silver assertions in order for people to be able to utilize some of their services. These include federal organizations such as the National Institutes of Health, private organizations such as the National Student Clearinghouse, and research services such as the Teragrid and Open Sciences Grid.

Do I need InCommon Silver?

You may need the university to make InCommon Silver identity assertions on your behalf if you need to work with an external organization that requires these. At this time, we have not implemented any internal services that require InCommon Silver assertions but we may at a later date.

What is identity assurance or an identity assertion?

When UChicago, as an identity provider, attests to a third party that you are who we say you are, that third party can trust that we have appropriate policies and practices in place to confirm with reasonable certainty who you were when your identity was registered with us and we issued your credentials. Further, that third party can trust that we have sufficient policies, practices, and technologies in place to be reasonably sure that your credentials have not been compromised.

How do I get InCommon Silver for myself?

Your existing university credentials (CNetID and password or passphrase) are what you will use to access services requiring InCommon Silver. However, in order to have your credentials enabled for Silver, you will have to go through additional in-person identity verification. To do this:

  1. Provide the Identity & Privileges Office (IPO) with a non-university email address or a cell phone number at which you can receive SMS text messages. You can do this any time at the CNetID website.
  2. Go to the IPO in Regenstein Library for in-person identity verification.
  3. Bring a government issued photo ID.
  4. You should be prepared to change your password or passphrase in order to be registered for Silver.

Why do I have to provide a non-university email address or phone number during the identity verification process?

In the event that either we or you suspect that your CNetID and password or passphrase have been compromised, we will need a means of communication that is not dependent on your CNetID credentials. If we use your university email address and your password or passphrase is stolen, the communications might be intercepted. We also need an external contact for you in order to enable you for InCommon Silver. Your email address or cell phone can serve both purposes.

This means that if you need to change your password or passphrase, an authorization code will be sent to your non-university email address. You will need to enter the authorization code to complete the password or passphrase change.

Why do I have to change my password or passphrase?

Since we are relying on CNetIDs and passwords or passphrases for InCommon Silver, we have to be certain at the time you're enabled for Silver that your password or passphrase is not compromised. We also require you to change passwords or passphrases on a regular basis to reduce the likelihood that someone may steal your password or passphrase. People with InCommon Silver-enabled credentials must change their passwords or passphrases at least annually.

What are our password and passphrase requirements for InCommon Silver?

As noted above, InCommon Silver has specific requirements for passwords and passphrases. These requirements reduce the risk of compromise by hackers. In addition to changing your password annually, your password must be:

  • At least 12 characters long
  • Contain characters from at least three of the categories in the table below
  • Must not be based on a dictionary word or a simple pattern such as ABCdefG.
  • Different from any password you have previously used.
Password Requirements Examples
Uppercase LettersABCDEFGHIJKLMNOPQRSTUVWXYZ
Lowercase Lettersabcdefghijklmnopqrstuvwxyz
Numerals0123456789
Symbols!@#$%&*() -+= _|\ [] {} <> ,.:;

The CNetID passphrase is an alternative to the CNetID password. A passphrase serves the same purpose as a CNetID password. Passphrases are simple sentences that use length instead of complexity to make them secure. Passphrases at the University of Chicago must be at least 19 characters long, including punctuation and spaces. Passphrases should never include famous sayings, quotations, song lyrics, etc.

For more on passphrases, and for tips on selecting good passwords and passphrases, see the article Choosing Good Passwords and Passphrases and Keeping Them Secure.

Why can't I have someone take care of this identity verification step for me?

The purpose of graded levels of identity assurance is to implement stronger verification and certainty regarding individuals' identities. Sending someone else to verify your identity in your place would defeat that purpose.

In the future, we may provide a way for you to verify your identity remotely if you cannot come to the Hyde Park campus, but this is not currently possible.

How do I check to see if I have completed all the steps to become InCommon Silver certified?

Go to the whoami website and click the Silver Assurance tab on the top right of the page. This will show you a check list of all the required steps to complete your InCommon Silver certification and your completion status for each step. Once you have completed all the steps, all of the checkboxes will be green and you will see a round silver stamp next to your name.

Who do I contact if I have more questions about InCommon Silver?

Contact the IT Services Service Desk.




Keywords:accreditation, loa, ficam   Doc ID:28516
Owner:Astrid F.Group:University of Chicago
Created:2013-02-06 16:24 CDTUpdated:2017-04-20 10:43 CDT
Sites:University of Chicago, University of Chicago - Sandbox
Feedback:  3   1