
assurance - Re: [InC Assurance] Assurance Toolkit: What's in it?

Subject: Assurance

  • From: David Walker <>
  • To:
  • Subject: Re: [InC Assurance] Assurance Toolkit: What's in it?
  • Date: Thu, 04 Aug 2011 15:08:18 -0700

Which brings us back to Michael's advice. All of the documents
discussed have relevance. When we post them, though, there should be a
little annotation as to their authority for InCommon.

David

On 08/04/2011 08:54 AM, Mark John Rank wrote:
> Jim:
>
> Good to know and would be a worthy link.
> A brief glance though still has the
> "see NIST SP 800-63 Appendix A for complete discussion"
> reference.
>
> Regards,
> Mark
>
>
> ------------------------------------------
> Mark Rank, Middleware Architect
> University Information Technology Services
> UW-Milwaukee
> Email:
>
>
> Phn: 414-229-3706
> ------------------------------------------
>
> ----- Original Message -----
> From: "Jim Basney"
> <>
> To:
>
> Sent: Thursday, August 4, 2011 10:43:33 AM
> Subject: Re: [InC Assurance] Assurance Toolkit: What's in it?
>
> Note also that with the v1.1 InCommon Assurance revisions, the TFPAP
> (http://www.idmanagement.gov/documents/TrustFrameworkProviderAdoptionProcess.pdf)
> is now our primary reference for LOA definitions, rather than 800-63.
>
> On 8/4/11 9:51 AM, Michael R. Gettes wrote:
>> as long as we take care to indicate documents such as 800-63 as the
>> gospel. 800-63 is for the feds, not for the rest of us. there exists
>> useful guidance within these docs but appropriate care should be taken to
>> not use them as "the" way to do things.
>>
>> /mrg
>>
>> On Aug 4, 2011, at 10:44, Ann West wrote:
>>
>>> Yep. Good idea. I assume 800-63 would be used as background or if one
>>> wanted to get another take on LoA? Also to understand the providence for
>>> Bronze/Silver?
>>>
>>> I would think OMB-0404 should be included for SPs then and that reminds
>>> me that we'll need to include guidance for how to assess services for
>>> assurance levels. For instance, I talked to one non-InCommon library
>>> vendor about LoA and he thought his abstract service should probably be
>>> Silver.
>>>
>>> Or maybe the market place will sort that out?
>>>
>>>
>>> Ann
>>>
>>>
>>>
>>> links to supporting docs (NIST 800-63 for example)
>>>
>>> Mark
>>>
>>> ------------------------------------------
>>> Mark Rank, Middleware Architect
>>> University Information Technology Services
>>> UW-Milwaukee
>>> Email:
>>>
>>>
>>> Phn: 414-229-3706
>>> ------------------------------------------
>>>
>>> ----- Original Message -----
>>> From: "Ann West"
>>> <>
>>> To:
>>>
>>> Sent: Thursday, August 4, 2011 9:18:59 AM
>>> Subject: [InC Assurance] Assurance Toolkit: What's in it?
>>>
>>> Hi All,
>>>
>>> What tools, documents, guidance would you like to see in a toolkit for
>>> implementing assurance?
>>>
>>>
>>> Below is a brainstormed list to get us started:
>>>
>>> - Auditor guidance (what should be in the summary report, how long an
>>> audit is expected to take, suggestions from peer auditors)
>>> - Submission Templates
>>> - Case studies on how others have satisfied the certification
>>> requirements
>>> - Checklist for certification (includes actions and documents to submit)
>>> - Assurance Addendum to Legal agreement
>>>
>>>
>>> What's missing? Needs clarification?
>>>
>>>
>>> Ann
>>>
>>> --
>>> Ann West
>>> Internet2/InCommon/Michigan Tech
>>>
>>> office: +1.906.487.1726
>>>
>>


