Assurance

[David Walker <>]

Which brings us back to Michael's advice.  All of the documents
discussed have relevance.  When we post them, though, there should be a
little annotation as to their authority for InCommon.

David

On 08/04/2011 08:54 AM, Mark John Rank wrote:
> Jim:
>
> Good to know and would be a worthy link.  
> A brief glance though still has the 
> "see NIST SP 800-63 Appendix A for complete discussion" 
> reference. 
>
> Regards,
> Mark
>
>
> ------------------------------------------
> Mark Rank, Middleware Architect
> University Information Technology Services 
> UW-Milwaukee                       
> Email: 
> 
>             
> Phn:  414-229-3706     
> ------------------------------------------
>
> ----- Original Message -----
> From: "Jim Basney" 
> <>
> To: 
> 
> Sent: Thursday, August 4, 2011 10:43:33 AM
> Subject: Re: [InC Assurance] Assurance Toolkit: What's in it?
>
> Note also that with the v1.1 InCommon Assurance revisions, the TFPAP
> (http://www.idmanagement.gov/documents/TrustFrameworkProviderAdoptionProcess.pdf)
> is now our primary reference for LOA definitions, rather than 800-63.
>
> On 8/4/11 9:51 AM, Michael R. Gettes wrote:
>> as long as we take care to indicate documents such as 800-63 as the 
>> gospel.  800-63 is for the feds, not for the rest of us.  there exists 
>> useful guidance within these docs but appropriate care should be taken to 
>> not use them as "the" way to do things.
>>
>> /mrg
>>
>> On Aug 4, 2011, at 10:44, Ann West wrote:
>>
>>> Yep. Good idea. I assume 800-63 would be used as background or if one 
>>> wanted to get another take on LoA? Also to understand the providence for 
>>> Bronze/Silver? 
>>>
>>> I would think OMB-0404 should be included for SPs then and that reminds 
>>> me that we'll need to include guidance for how to assess services for 
>>> assurance levels. For instance, I talked to one non-InCommon library 
>>> vendor about LoA and he thought his abstract service should probably be 
>>> Silver. 
>>>
>>> Or maybe the market place will sort that out?
>>>
>>>
>>> Ann
>>>
>>>
>>>
>>> links to supporting docs  (NIST 800-63 for example)
>>>
>>> Mark
>>>
>>> ------------------------------------------
>>> Mark Rank, Middleware Architect
>>> University Information Technology Services 
>>> UW-Milwaukee                       
>>> Email: 
>>> 
>>>             
>>> Phn:  414-229-3706     
>>> ------------------------------------------
>>>
>>> ----- Original Message -----
>>> From: "Ann West" 
>>> <>
>>> To: 
>>> 
>>> Sent: Thursday, August 4, 2011 9:18:59 AM
>>> Subject: [InC Assurance] Assurance Toolkit: What's in it?
>>>
>>> Hi All, 
>>>
>>> What tools, documents, guidance would you like to see in a toolkit for 
>>> implementing assurance? 
>>>
>>>
>>> Below is a brainstormed list to get us started: 
>>>
>>>
>>>
>>>
>>>
>>>
>>> - Auditor guidance (what should be in the summary report, how long an 
>>> audit is expected to take, suggestions from peer auditors) 
>>> - Submission Templates 
>>> - Case studies on how others have satisfied the certification 
>>> requirements 
>>> - Checklist for certification (includes actions and documents to submit) 
>>> - Assurance Addendum to Legal agreement 
>>>
>>>
>>> What's missing? Needs clarification? 
>>>
>>>
>>> Ann 
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> -- 
>>> Ann West
>>> Internet2/InCommon/Michigan Tech 
>>> 
>>>  
>>> 
>>>  
>>> office: +1.906.487.1726 
>>>
>>