CILogon Basic Assurance and IGTF IOTA

Post date: Jan 9, 2014 9:55:54 PM

CILogon supports multiple levels of assurance using three certification authorities (CAs). Today only the CILogon Silver CA, which relies on the InCommon Silver level of assurance, is accredited by the International Grid Trust Federation (IGTF), so only users from InCommon Silver identity providers can obtain IGTF certificates from CILogon. IGTF provides a valuable international standard for certificates accepted by cyberinfrastructure providers such as XSEDE, OSG, EGI, WLCG, PRACE, and others.

To provide IGTF certificates to users from all InCommon identity providers, we are now pursuing IGTF accreditation of the CILogon Basic CA under a new IGTF authentication profile called Identifier-Only Trust Assurance with Secured Infrastructure (IOTA). The IOTA profile recognizes that cyberinfrastructure providers and virtual organizations often vet user identities according to their own requirements, reducing their reliance on the identity vetting performed by CAs. IOTA requires CAs to ensure unique identification of users, but IOTA CAs are not required to verify the user's legal name or check government-issued identity documents. This matches well with InCommon identities that have not (yet) achieved the Silver level.

Endorsement of version 1.0 of the IGTF IOTA profile is an agenda item for the upcoming EUGridPMA meeting (Jan 13-15, 2014). EUGridPMA is one of three regional Policy Management Authorities (PMAs) that constitute the IGTF. Once the IOTA profile is finalized, we will submit the CILogon Basic CA to TAGPMA (our regional PMA) for accreditation.