Meeting the InCommon Assurance profile criteria using Active Directory

["Capehart,Jeffrey D" <>]

Based on our call today, the simpler model was preferred with a few changes:

 

1)      Revise text for non-IdP apps verifier to be “Strong Encryption Algorithms allowed”

2)      Change color from red  to yellow for non-IdP <-> verifier

3)      Make text for Idp <-> Verifier to be “Approved Algorithms must be used” (green lines)

4)      Add a stacked box for Active Directory as a verifier

5)      New -- Added a green line from Subject <-> IdP

6)      New -- Added a box in the upper right corner to identify the graphic as for AD DS Cookbook

7)      Add diagram to Scope 2.3 section with introductory text (transition paragraph)

 

The diagram should now:

·         Illustrate a particular scenario and the text as per the cookbook.

·         Show the concept of where approved algorithms are required

·         Not be overly detailed with controls, policies, requirements

 

I suggest visiting the cookbook to see the size/placement and revisions of the diagram.  (remember you will have to login first, then click the detailed link.)

https://spaces.internet2.edu/

 

https://spaces.internet2.edu/display/InCAssurance/InCommon+Silver+with+Active+Directory+Domain+Services+Cookbook+-+DRAFT+20131213

 

Note:  The diagram can’t do it all, especially if it is taken out of context.  It is supposed to be illustrative of the scope of the text spelled out in the cookbook -- where the details are.

 

Jeff

 

Jeff Capehart, CISA
IT Audit Manager
University of Florida - Office of Internal Audit
(352) 273-1882

http://oia.ufl.edu