Meeting the InCommon Assurance profile criteria using Active Directory

["Rank, Mark" <>]

Eric et al.:

I went in and offered some edits to Paragraph 2 of the Intro and to the answer on scope in Appx G. 

Some questions for the group?

- Intro | Paragraph 1 |Should we ref version of IAP?

- Intro | Last two paragraphs | Should we change the last two paragraphs of the intro to "living document language"?

Otherwise, I think it looks OK to me.

Regards,

Mark

--------------------------------------------------

Mark Rank
Project Manager - Identity & Access Mgt

UCSF Information Technology Services (ITS)
email:

phn:414-331-1476

--------------------------------------------------

---

From: [] on behalf of Eric Goodman []
Sent: Friday, June 07, 2013 10:15 AM
To:
Subject: [AD-Assurance] Cookbook edits

I didn’t say this as we got off the call, but I made some edits to the BitLocker statements already, to call out the use of approved algorithm.

 

I also did a quick scan of the appendices, and they look fine to me. I did rename the Appendix C from “Operational Considerations…[around use of]…Syskey” to “For Use of Disk Encryption Software” since Syskey is not considered sufficient.

 

I think Appendix F is someone non-sequitor-ish now that we removed any reference to password entropy from the rest of the doc, but I don’t see a problem leaving it in.

 

At this point I’ll stop editing to allow collection of comments on the doc as a “reference draft” we can all speak to.

 

--- Eric