
assurance - [Assurance] Re: [InC Assurance] Assurance Toolkit: What's in it?

Subject: Assurance

  • From: Ann West <>
  • To:
  • Subject: [Assurance] Re: [InC Assurance] Assurance Toolkit: What's in it?
  • Date: Fri, 5 Aug 2011 07:50:29 -0400 (EDT)

You are right, David. But I was speaking about maturity of IdM. In that example, I think my statement is correct.

And I also need to correct my use of the word "basic." We call it InCommon "standard."

Ann


Perhaps familiarity with the concepts in the assurance framework document, section 2 in particular?

InCommon isn't really "come as you are."  We require enough organizational structure to sign a legal agreement, delegate authority for identity management, and to complete the Participant Operating Practices statement.  At least we know who should be familiar with the concepts.  We could target some learning materials at them, if nothing else.

David

On 08/04/2011 07:56 AM, Ann West wrote:
Indeed.

What should be the assumed level of IdM for the IdPs? That is, for folks not as far along in the maturity scale, they might need more help on the basic concepts/terms. Remember, InCommon basic is "come as you are."


as long as we take care to indicate documents such as 800-63 as the gospel.  800-63 is for the feds, not for the rest of us.  there exists useful guidance within these docs but appropriate care should be taken to not use them as "the" way to do things.

/mrg

On Aug 4, 2011, at 10:44, Ann West wrote:

Yep. Good idea. I assume 800-63 would be used as background or if one wanted to get another take on LoA? Also to understand the providence for Bronze/Silver? 

I would think OMB-0404 should be included for SPs then and that reminds me that we'll need to include guidance for how to assess services for assurance levels. For instance, I talked to one non-InCommon library vendor about LoA and he thought his abstract service should probably be Silver. 

Or maybe the market place will sort that out?


Ann




links to supporting docs  (NIST 800-63 for example)

Mark

------------------------------------------
Mark Rank, Middleware Architect
University Information Technology Services 
UW-Milwaukee                       
Email:             
Phn:  414-229-3706     
------------------------------------------

----- Original Message -----
From: "Ann West" <>
To: 
Sent: Thursday, August 4, 2011 9:18:59 AM
Subject: [InC Assurance] Assurance Toolkit: What's in it?

Hi All, 

What tools, documents, guidance would you like to see in a toolkit for implementing assurance? 


Below is a brainstormed list to get us started: 






- Auditor guidance (what should be in the summary report, how long an audit is expected to take, suggestions from peer auditors) 
- Submission Templates 
- Case studies on how others have satisfied the certification requirements 
- Checklist for certification (includes actions and documents to submit) 
- Assurance Addendum to Legal agreement 


What's missing? Needs clarification? 


Ann 
















-- 
Ann West
Internet2/InCommon/Michigan Tech 
 
 
office: +1.906.487.1726 








