Assurance

["Roy, Nicholas S" <>]

We have an InCommon Silver with Active Directory call scheduled for this 
Wednesday, October 26th, from 10-11 a.m. central time.

Here's the agenda:

1)      Quick intro to the project for new participants
2)      Review changes to cookbook since last meeting
3)      Items for discussion
     a.       Does 4.2.4.4 suggest an AD lifecycle of the following? 
Revocation event -> AD user is disabled -> 180 days passes -> AD user may be 
deleted (if desired) or is some other records retention process sufficient?
     b.      Is ADFS outside the scope of this document? How about Shibboleth 
pointed at AD? If they aren't outside the scope, then we probably need to add 
some content specific to them.
     c.       Might be some Windows specific stuff on 4.2.5.6: Mitigate risk 
of sharing credentials
     d.      4.2.4.1: Credential Issuance implies that the AD user 
provisioning process follows some processes--i.e. doesn't have folks who can 
create user accounts that don't follow the process. Do we need to say 
anything explicitly about that? 
     e.      AD-relevant ways to handle 4.2.4.2: Credential revocation and 
expiration
4)      Next steps
     a.       Help from others- people willing to contribute?
     b.      Timeline for completion
     c.       Getting the word out - ideas?

Conference bridge information for this call:

+1-734-615-7474 (Please use if you do not pay for Long Distance)
+1-866-411-0013 (toll free US/Canada Only)
 
Access Code: 0113279#

I look forward to hearing from you all -

Thanks,

Nick
------------ 
Nicholas Roy - Identity Architect
The University of Iowa / ITS - Administrative Information Systems / Directory 
and Authentication