ad-assurance - [AD-Assurance] Protected Channels and the IAP
Subject: Meeting the InCommon Assurance profile criteria using Active Directory
- From: David Walker
- To: InCommon AD Assurance Group
- Cc: DHW
- Subject: [AD-Assurance] Protected Channels and the IAP
- Date: Tue, 14 May 2013 16:26:17 -0700
Everyone,
As we discussed on Friday, here are the places Protected Channels are required in the IAP that could affect what we're doing:
4.2.5.3 (S) (B) SECURE COMMUNICATION (part of 4.2.5 AUTHENTICATION PROCESS)
Communication of unencrypted Authentication Secrets between Subject and IdP must use a Protected Channel.
4.2.8.2 (S) NETWORK SECURITY
1. Appropriate measures shall be used to protect the confidentiality and integrity of network communications supporting IdMS operations. Protected Channels should be used for communications between systems when communication includes Authentication Secrets or personally identifiable information, or when a lack of message integrity could practically result in incorrect information being associated with a Subject.
The passages in red are my words, indicating what I think is really important/intended in the requirement. I don't think we have a problem with 4.2.5.3, but we've been wrestling with 4.2.8.2 for a while now. Do any of us know enough about internal communication among MS IAM products to know if my red words would help?
David