Meeting the InCommon Assurance profile criteria using Active Directory

["Michael W. Brogan" <>]

Looks like I misinterpreted the Cookbook on that one. Although 4.2.5.3 is covered, the Cookbook doesn’t state that the requirement applies to AD-DS. I think I can remove my comment about 4.2.5.3 from the Scope section.

 

I think I should add 4.2.8.2 as it adds “protected channel” to the transmission requirements listed previously, some of which don’t specifically call for a protected channel.

 

--Michael

 

From: [mailto:] On Behalf Of David Walker
Sent: Friday, March 08, 2013 3:51 PM
To:
Subject: Re: [AD-Assurance] Draft scope statement

 

Looks good, Michael.

Regarding 4.2.5.3, I agree with the AD Cookbook's assessment that it's not relevant to IdP <=> Verifier communication.  The relevant section would be 4.2.8.2 (S) Network Security, which says, "1. Appropriate measures shall be used to protect the confidentiality and integrity of network communications supporting IdMS operations.  Protected Channels should be used for communications between systems."

David

On Fri, 2013-03-08 at 22:31 +0000, Michael W. Brogan wrote:

I’ve posted a draft scope statement on the wiki: https://spaces.internet2.edu/x/-QwwAg

 

The material Mark previously added to the page regarding mapping of AD products to the IdMS functional model is a different sort of thing from the scope of our effort,  but it’s valuable background. For now I just gave it a new subheading and kept the content on the Charter/Scope page, but it might work better as a separate reference page.

 

--Michael