Meeting the InCommon Assurance profile criteria using Active Directory

[Eric Goodman <>]

I haven’t had a chance yet to make the edits we’ve discussed. I’ll go ahead and do those later today, and will send out a notice when done.

 

Do we have a reason to meet this morning(ish)? Or are we good with me just making edits according to the previous discussion? To repeat, the edits I have scheduled (at least prior to a more careful rereading) are listed below (some are duplicates of one another). If everyone’s okay with this, and we’re all just waiting on my edits, I’m not sure we need to take people’s time to actually discuss, but if discussion is warranted I’m happy to be on the call.

 

--- Eric

 

Proposed Action Items:

 

·         Clarification of Protected Channels in IAP 4.2.6.2

o   Look at our categorization of protocols to ensure no language is in conflict with the updated interpretation. (Cookbook 3 and 4.2.1)

o   Clarify IAP 4.2.6.2’s interpretation to match the interpretation. (Cookbook 4.2.3)

o   Determine language around NTLMv1 (Cookbook 3 and 4.2.1)

·         IAP 4.2.6.3 clarification

o   Update the Cookbook to take IAP 4.2.6.3 out of scope of the AD Cookbook (Cookbook 4.2, 4.2.4)

o   Further clarify IAP 4.2.6.2’s interpretation in the Cookbook to also match the clarification (Tom’s interpretation of transmission vs. handling of passwords) here. (Cookbook 4.2.3)

·         IAP silent on NTLMv1?

o   No change here, though the language may already be changed based on Protected Channels in 4.2.6.2, above. (Cookbook 3, 4.2.1, 4.2.3)