
ad-assurance - [AD-Assurance] Microsoft Strategy / FICAM / Kantara

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

  • From: "Capehart,Jeffrey D" <>
  • To: "" <>
  • Subject: [AD-Assurance] Microsoft Strategy / FICAM / Kantara
  • Date: Mon, 6 May 2013 21:35:25 +0000

On the question “Does Microsoft have a strategy for supporting compliance with the Federal Identity, Credential, and Access Management (FICAM) requirements at LoA-2? If so, what is the time frame?”

Note that Microsoft is a partner with Kantara, and that AD-FS was listed as the Microsoft technology adopted that passed “IdP Lite” level.

Presumably they passed based on the Common Criteria EAL4 done for Windows Vista and Server 2008?

Perhaps the question to ask is how do AD-FS and AD-DS meet the SP 800-63 approved algorithm requirement for stored authentication secrets, and other aspects per our gaps table?

When I looked at the documents, it seemed as if there was a reliance on AD-DS by AD-FS. And the Common Criteria specs excluded the one piece that would have tested 4.2.3.6 as “not applicable”.

Not to mention the many references to assumptions that were made for the EAL4 evaluation…

However, the main point is that Microsoft should already be familiar with the Kantara Initiative, so perhaps that is the way to go since many of the same requirements are present due to FICAM profile approval.

Jeff



