Meeting the InCommon Assurance profile criteria using Active Directory

[Eric Goodman <>]

I just made a series of updates to the draft, again just barely meeting my own promised deadline. :)

 

Edits were made to this draft:

 

https://spaces.internet2.edu/display/InCAssurance/InCommon+Silver+with+Active+Directory+Domain+Services+Cookbook+-+DRAFT+20131213

 

(the one that Jeff added his diagram to).

 

Changes:

 

·         Added Executive Summary section

·         Removed references to MIT Kerberos.

·         Removed sentence “HTTP Traffic is not used to communicate with AD DS” from scope sction.

·         Copied some information from original (separate) “Charter and Scope” document into “Scope” section

·         Added comment in Glossary that “Kerberos” as used in the doc refers to “Windows Kerberos”

·         Added reference to ADFS near one instance of SPNEGO, GSSAPI

o   Did not add ADFS to the glossary, since it is defined in the scope section…

·         Removed header 5.3 and consolidated the 5.3.x subheaders under 5.2 (note, after editing, this is now section 6.x)

o   This was to make this section (recommended configurations) match more closely with the structure of the previous section (discussion of compliance issues)

o   Changed section titles to be more in line with section the similar-indent-level subheaders they are now merged with

§  I.e., the old section 5.2.x headers were functional names like “Protect traffic”, but the 5.3.x ones were numbered by section like “requirements for section 4.2.x.x”

·         Added “Comments” section (it just says “mail ”)

·         Added skeleton “Contributors” section. (Just names at the moment. Needs orgs, maybe titles.)

 

All changes were made against version 4 of the page, so compare “version 4 to current” to explicitly see what I added.

 

See you all in the AM.

 

--- Eric