AAAI-06

Does your organization participate in InCommon or another eduGAIN-affiliated trust federation?

Explanation

This question is asking whether your organization participates in identity federation systems specifically designed for educational and research institutions. InCommon is a trust federation for U.S. education and research organizations that provides a secure and privacy-preserving trust fabric for single sign-on access to online resources. eduGAIN is a global service that interconnects identity federations around the world, including InCommon.

Why this matters in security assessments:

1. Single Sign-On (SSO): These federations enable users to access multiple services with one set of credentials, reducing password fatigue and improving security.
2. Standardized Authentication: They implement consistent authentication protocols and security practices across member institutions.
3. Trust Framework: Participation indicates your organization adheres to certain identity and access management standards.
4. Inter-institutional Collaboration: It facilitates secure sharing of resources between educational and research organizations.

The assessor wants to know if your organization leverages these established trust frameworks, which can indicate mature identity management practices and the ability to integrate securely with educational institutions. If you don't participate, it doesn't necessarily mean your security is inadequate, but you may need to explain your alternative approaches to secure authentication for educational clients.

Example Responses

Example Response 1

Yes, our organization is a member of InCommon Federation. We joined in 2018 and maintain active participation to support our educational clients. Our identity management system is fully integrated with InCommon, allowing seamless and secure single sign-on capabilities for users from member institutions. We regularly review and update our federation metadata and follow all InCommon security and privacy requirements.

Example Response 2

Our organization participates in the Canadian Access Federation (CAF), which is affiliated with eduGAIN. Through this participation, we support federated identity management that allows secure authentication across international research and education communities. We've implemented SAML 2.0 compliant services and maintain our federation metadata according to eduGAIN standards. This enables our platform to integrate with identity providers from educational institutions worldwide.

Example Response 3

No, our organization does not currently participate in InCommon or any eduGAIN-affiliated trust federation. Instead, we have implemented our own identity management system that supports SAML 2.0 and OpenID Connect protocols for integration with educational institutions' authentication systems on a case-by-case basis. While we recognize the benefits of federation participation, our current client base hasn't required this specific integration. We're evaluating potential membership in InCommon for the future as we expand our services to more educational institutions.

Context

Tab: Product
Category: Authentication, Authorization, and Account Management
