Assurance

["Dunker, Mary" <>]

Hi, Tom,

I don't see anything that would apply to protecting private keys held by the 
IdP. Are you specifically thinking about the keys associated with exchanging 
information with the IdP, or do you mean something like key escrow for 
private keys associated with personal certificates?  I can look for some 
effective practices, and potentially add something to 
https://wiki.internet2.edu/confluence/display/itsg2/Encryption+101 .

 Mary


-----------------------------------------------------------------
Mary Dunker
Director, Secure Enterprise Technology Initiatives
Virginia Tech Information Technology
1700 Pratt Drive
Blacksburg, VA 24060
540-231-9327

 
--------------------------------------------------------------------


-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of Tom Scavo
Sent: Wednesday, July 18, 2012 1:07 PM
To: 

Subject: Re: [Assurance] Information Security Guide to InCommon IAP Cross 
Reference


> I'm starting to build a cross reference between the Information 
> Security Guide www.educause.edu/security/guide and the IAP at:
> 
> https://spaces.internet2.edu/display/InCAssurance/InCommon+Identity+As
> surance+and+HEISC+Information+Security+Guide
> 
> So far, I just mapped section numbers from the IAP to section numbers 
> from the Guide (and not all IAP sections have mappings.)  My question 
> is, "Where do we go from here?" Should I change the section numbers 
> into links? Should we try to point to more specific resources from the 
> Guide? What do you think would be most useful to the Assurance 
> community?

Mary, is there specific advice in the Guide regarding private keys held by 
the IdP?

Thanks,
Tom