assurance - RE: [Assurance] Information Security Guide to InCommon IAP Cross Reference
Subject: Assurance
List archive
- From: "Dunker, Mary" <>
- To: "''" <>
- Subject: RE: [Assurance] Information Security Guide to InCommon IAP Cross Reference
- Date: Wed, 18 Jul 2012 15:22:25 -0400
- Accept-language: en-US
- Acceptlanguage: en-US
Thanks for the clarification, Tom.
Mary
-----------------------------------------------------------------
Mary Dunker
Director, Secure Enterprise Technology Initiatives
Virginia Tech Information Technology
1700 Pratt Drive
Blacksburg, VA 24060
540-231-9327
--------------------------------------------------------------------
-----Original Message-----
From:
[mailto:]
On Behalf Of Tom Scavo
Sent: Wednesday, July 18, 2012 3:19 PM
To:
Subject: Re: [Assurance] Information Security Guide to InCommon IAP Cross
Reference
> I don't see anything that would apply to protecting private keys held
> by the IdP.
Thanks for checking.
> Are you specifically thinking about the keys associated with
> exchanging information with the IdP, or do you mean something like key
> escrow for private keys associated with personal certificates?
The former. Proper handling of the IdP's private signing key
(https://spaces.internet2.edu/x/E43NAQ) is critically important in a
federated scenario. I continue to be surprised/concerned that this is not
explicitly addressed in the Identity Assurance Profile.
Tom
- [Assurance] Information Security Guide to InCommon IAP Cross Reference, Dunker, Mary, 07/18/2012
- Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Tom Scavo, 07/18/2012
- RE: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Dunker, Mary, 07/18/2012
- Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Tom Scavo, 07/18/2012
- RE: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Dunker, Mary, 07/18/2012
- RE: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Roy, Nicholas S, 07/18/2012
- Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Renee Shuey, 07/18/2012
- RE: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Roy, Nicholas S, 07/20/2012
- Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Tom Scavo, 07/20/2012
- Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Cantor, Scott, 07/20/2012
- Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Ian Young, 07/20/2012
- Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Cantor, Scott, 07/20/2012
- Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Tom Scavo, 07/22/2012
- Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Cantor, Scott, 07/23/2012
- RE: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Roy, Nicholas S, 07/20/2012
- Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Renee Shuey, 07/18/2012
- Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Tom Scavo, 07/18/2012
- RE: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Dunker, Mary, 07/18/2012
- Re: [Assurance] Information Security Guide to InCommon IAP Cross Reference, Tom Scavo, 07/18/2012
Archive powered by MHonArc 2.6.16.