Frequently Asked Questions (FAQ):
- When I log on at https://cilogon.org/, why do I see "Level of Assurance: Basic" rather than "Level of Assurance: Silver"?
- Users will see "Level of Assurance: Basic" if their authentication attributes from their identity provider do not meet the Silver Policy requirements. To check, visit https://test.cilogon.org/testidp/ and Log On. In the list of SAML Attributes shown, confirm that Level of Assurance contains https://refeds.org/assurance/profile/cappuccino and AuthnContextClassRef contains https://refeds.org/profile/sfa or https://refeds.org/profile/mfa. If it doesn't, look in the list of Metadata Attributes for the Support Contact for your identity provider and contact them for assistance.
- In the case of the XSEDE IdP, Level of Assurance will contain https://refeds.org/assurance/profile/cappuccino only if the user is on an active allocation as shown at https://portal.xsede.org/allocations/usage.
- 188.8.131.52.4.1.349184.108.40.206 (Nov 6 2018): Updates to address TAGPMA review: add support for standard IGTF Robot DNs (Section 3.1.1), require REFEDS SFA/MFA authentication profile in combination with Cappuccino (Section 3.2), and archive snapshots of InCommon/eduGAIN metadata (Section 5.4.1).
- 220.127.116.11.4.1.34918.104.22.168 (Oct 15 2018): Replaced references to InCommon Silver Identity Assurance Profile with references to REFEDS Assurance Framework’s Cappuccino Profile (Section 3.2). Allow identification and authentication of certificate applicants via eduGAIN (Section 3.2.2). Support Robot certificates (Section 3.1.1). Document use of OAuth for grid portals (Section 4.1.2). Add E-mail Protection to X509v3 Extended Key Usage certificate extension (Section 7.1.2).
- 22.214.171.124.4.1.349126.96.36.199 (Dec 3 2014): Minor updates for InCommon Silver Identity Assurance Profile v1.1. Increase CRL validity period from two weeks to 30 days (Section 2.3). Added ORNL site information (Section 5.1).
- 188.8.131.52.4.1.349184.108.40.206 (Feb 3 2011): Further clarify process for CA generation of subscriber private keys.
- 220.127.116.11.4.1.34918.104.22.168 (Jan 12 2011): Allow CA generation of private keys (for TAGPMA discussion).
- 22.214.171.124.4.1.349126.96.36.199 (Dec 14 2010): Added SHA-2 hash functions per NIST Policy.
- 188.8.131.52.4.1.349184.108.40.206 (Oct 6 2010): Approved under the IGTF MICS Profile by TAGPMA vote on Oct 6 2010 in Lubbock, Texas.
- 220.127.116.11.4.1.34918.104.22.168 (Oct 5 2010): Submitted to TAGPMA reviewers on Oct 5 2010. Modified to comply with MICS Profile instead of SLCS Profile (i.e., reverted to Version 4 content).
- 22.214.171.124.4.1.349126.96.36.199 (Sep 28 2010): Submitted to TAGPMA reviewers on Sep 28 2010. Modified to comply with SLCS Profile instead of MICS Profile.
- 188.8.131.52.4.1.349184.108.40.206 (Sep 13 2010): Submitted to TAGPMA reviewers on Sep 13 2010, addressing review comments received to-date.
- 220.127.116.11.4.1.34918.104.22.168 (Jul 28 2010): Submitted to TAGPMA reviewers on Jul 28 2010, addressing review comments received to-date.
- 22.214.171.124.4.1.349126.96.36.199 (Apr 2 2010): Submitted to TAGPMA reviewers on Apr 2 2010, addressing review comments received to-date.
- 188.8.131.52.4.1.349184.108.40.206 (Jan 15 2010): Submitted to TAGPMA reviewers on Jan 15 2010.