ad-assurance - [AD-Assurance] AAC Response: Clarification on Authentication Secrets

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

  • From: Ann West <>
  • To: "" <>
  • Cc: "" <>
  • Subject: [AD-Assurance] AAC Response: Clarification on Authentication Secrets
  • Date: Tue, 27 Aug 2013 16:46:36 +0000
  • Accept-language: en-US

Dear Colleagues,

The AAC agrees with the AD group that "Authentication Secrets" in the IAP refers to secrets shared by a Subject and the Verifier that are used in Subject's authentication to the IdP. Any other secrets, keys, etc. that the Verifier verifies that are not used by Subjects to authenticate to the IdP are not in scope for The set of Authentication Secrets in scope for the IAP is further restricted to just those belonging to Subjects that are in scope for the IAP.

4.2.5 addresses the integrity of authentication of a Subject to the IdP by requiring the existence of certain types of controls that reduce the chance that someone might impersonate a Subject when authenticating to the IdP. 

Best regards,
Ann on behalf of the AAC

Ann West
Assistant Director,
InCommon Assurance and Community
Internet2 based at Michigan Tech
office: +1.906.487.1726 
