Assurance

[Jim Basney <>]

Your guess is as good as mine on if/when the TFPAP will be
updated/finalized, but indeed the "Release candidate 1.0.1, 4-Sep-2009"
is the reference cited in the v1.1 InCommon IAP.

On 8/4/11 10:48 AM, Arlene Allen wrote:
> Is it going to be updated or finalized? That doc says that it is a Sept
> 2009 Release Candidate.
> 
> On 8/4/2011 8:43 AM, Jim Basney wrote:
>> Note also that with the v1.1 InCommon Assurance revisions, the TFPAP
>> (http://www.idmanagement.gov/documents/TrustFrameworkProviderAdoptionProcess.pdf)
>>
>> is now our primary reference for LOA definitions, rather than 800-63.
>>
>> On 8/4/11 9:51 AM, Michael R. Gettes wrote:
>>> as long as we take care to indicate documents such as 800-63 as the
>>> gospel.  800-63 is for the feds, not for the rest of us.  there
>>> exists useful guidance within these docs but appropriate care should
>>> be taken to not use them as "the" way to do things.
>>>
>>> /mrg
>>>
>>> On Aug 4, 2011, at 10:44, Ann West wrote:
>>>
>>>> Yep. Good idea. I assume 800-63 would be used as background or if
>>>> one wanted to get another take on LoA? Also to understand the
>>>> providence for Bronze/Silver?
>>>>
>>>> I would think OMB-0404 should be included for SPs then and that
>>>> reminds me that we'll need to include guidance for how to assess
>>>> services for assurance levels. For instance, I talked to one
>>>> non-InCommon library vendor about LoA and he thought his abstract
>>>> service should probably be Silver.
>>>>
>>>> Or maybe the market place will sort that out?
>>>>
>>>>
>>>> Ann
>>>>
>>>>
>>>>
>>>> links to supporting docs  (NIST 800-63 for example)
>>>>
>>>> Mark
>>>>
>>>> ------------------------------------------
>>>> Mark Rank, Middleware Architect
>>>> University Information Technology Services
>>>> UW-Milwaukee
>>>> Email: 
>>>> 
>>>> Phn:  414-229-3706
>>>> ------------------------------------------
>>>>
>>>> ----- Original Message -----
>>>> From: "Ann 
>>>> West"<>
>>>> To: 
>>>> 
>>>> Sent: Thursday, August 4, 2011 9:18:59 AM
>>>> Subject: [InC Assurance] Assurance Toolkit: What's in it?
>>>>
>>>> Hi All,
>>>>
>>>> What tools, documents, guidance would you like to see in a toolkit
>>>> for implementing assurance?
>>>>
>>>>
>>>> Below is a brainstormed list to get us started:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> - Auditor guidance (what should be in the summary report, how long
>>>> an audit is expected to take, suggestions from peer auditors)
>>>> - Submission Templates
>>>> - Case studies on how others have satisfied the certification
>>>> requirements
>>>> - Checklist for certification (includes actions and documents to
>>>> submit)
>>>> - Assurance Addendum to Legal agreement
>>>>
>>>>
>>>> What's missing? Needs clarification?
>>>>
>>>>
>>>> Ann
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -- 
>>>> Ann West
>>>> Internet2/InCommon/Michigan Tech
>>>> 
>>>> 
>>>> office: +1.906.487.1726
>>>>
>>>
>