Skip to Content.
Sympa Menu

ad-assurance - Re: [AD-Assurance] Alternative Means for Satisfying Requirements 4.2.5.1 4.2.5.2, and 4.2.8.2.1

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

Re: [AD-Assurance] Alternative Means for Satisfying Requirements 4.2.5.1 4.2.5.2, and 4.2.8.2.1


Chronological Thread 
  • From: David Walker <>
  • To:
  • Cc: DHW <>
  • Subject: Re: [AD-Assurance] Alternative Means for Satisfying Requirements 4.2.5.1 4.2.5.2, and 4.2.8.2.1
  • Date: Fri, 12 Apr 2013 07:38:19 -0700
  • Authentication-results: sfpop-ironport01.merit.edu; dkim=pass (signature verified)

Thanks, Jeff.  Most of the work was really Ron's.

We should probably talk briefly about the time component.  I said 72 hours, as that's what's said about credential compromise, but Ron had suggested 12-24 hours, which is probably equally attainable, assuming automation.

David

On Fri, 2013-04-12 at 00:02 +0000, Capehart,Jeffrey D wrote:
Nicely written up, David!

 

You may want to do a quick review of the IAP criteria section numbers to make sure they are represented consistently and accurately throughout the page.

Jeff

 

From: [mailto:] On Behalf Of David Walker
Sent: Thursday, April 11, 2013 5:15 PM
To:
Cc: DHW
Subject: [AD-Assurance] Alternative Means for Satisfying Requirements 4.2.5.1 4.2.5.2, and 4.2.8.2.1


 

Everyone,

As mentioned in last week's call, I've modify Ron's alternative means statement for sections 4.2.5.1, 4.2.5.2, and 4.2.8.2.1 to include the more general reasoning I had drafted earlier about using monitoring to comply with technical requirements that have an implicit assumption of "correct" end-user behavior.  The result is in a wiki page at:

https://spaces.internet2.edu/x/FoFHAg


This is a subpage of our "Restricted Working Group Documents" page; I've also moved my more general statement there so that people looking over our shoulders don't think it's a direction we're taking.

David






Archive powered by MHonArc 2.6.16.

Top of Page