Skip to Content.
Sympa Menu

ad-assurance - Re: [AD-Assurance] Alternative Means for Satisfying Requirements, and

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

Re: [AD-Assurance] Alternative Means for Satisfying Requirements, and

Chronological Thread 
  • From: David Walker <>
  • To:
  • Cc: DHW <>
  • Subject: Re: [AD-Assurance] Alternative Means for Satisfying Requirements, and
  • Date: Fri, 12 Apr 2013 07:38:19 -0700
  • Authentication-results:; dkim=pass (signature verified)

Thanks, Jeff.  Most of the work was really Ron's.

We should probably talk briefly about the time component.  I said 72 hours, as that's what's said about credential compromise, but Ron had suggested 12-24 hours, which is probably equally attainable, assuming automation.


On Fri, 2013-04-12 at 00:02 +0000, Capehart,Jeffrey D wrote:
Nicely written up, David!


You may want to do a quick review of the IAP criteria section numbers to make sure they are represented consistently and accurately throughout the page.



From: [mailto:] On Behalf Of David Walker
Sent: Thursday, April 11, 2013 5:15 PM
Subject: [AD-Assurance] Alternative Means for Satisfying Requirements, and



As mentioned in last week's call, I've modify Ron's alternative means statement for sections,, and to include the more general reasoning I had drafted earlier about using monitoring to comply with technical requirements that have an implicit assumption of "correct" end-user behavior.  The result is in a wiki page at:

This is a subpage of our "Restricted Working Group Documents" page; I've also moved my more general statement there so that people looking over our shoulders don't think it's a direction we're taking.


Archive powered by MHonArc 2.6.16.

Top of Page