Skip to Content.
Sympa Menu

assurance - RE: [Assurance] Remote proofing feedback from Big Ten auditors

Subject: Assurance

List archive

RE: [Assurance] Remote proofing feedback from Big Ten auditors


Chronological Thread 
  • From: "Jones, Mark B" <>
  • To: "" <>
  • Subject: RE: [Assurance] Remote proofing feedback from Big Ten auditors
  • Date: Fri, 10 Aug 2012 01:36:49 -0500
  • Accept-language: en-US
  • Acceptlanguage: en-US

I’m not seeing the distinction you are trying make between ‘meeting’ the standard and being ‘comparable’ to the standard.

 

The language from the ICAM link below:
ICAM has assessed the efficacy of the Trust Frameworks of the following Industry organizations to determine if they are comparable to federal standards of security and privacy.
If approved by ICAM, credentials issued by Identity Providers who are assessed against these Approved Trust Frameworks by their respective Trust Framework Provider (TFP) can be trusted and used by federal Relying Parties (RPs) at a known level of assurance (LOA) comparable to one of the four OMB Levels of Assurance.

 

And your own comments:

after a great deal of work helping the Feds understand us and then us understanding the Feds we have a shared view and agreement of how our trust frameworks work together and map onto each other.

 

Both seem to me to say that InCommon meets the “federal standards of security and privacy” of which 800-63 is one. 

 

Do you have an example of a requirement in 800-63 that is not met by the IAP?

 

 

 

From: [mailto:] On Behalf Of Michael R. Gettes
Sent: Thursday, August 09, 2012 2:31 PM
To: <>
Subject: Re: [Assurance] Remote proofing feedback from Big Ten auditors

 

Mark,

 

I believe your interoperation is not accurate.  We are comparable to 800-63 but to say it meets it is not true.  We meet being a FICAM approved Trust Framework.  Behind the scenes there has been lots of work by various people to work with the FICAM to have them approve the InCommon trust framework as comparable to the Federal Trust Framework.  This means, after a great deal of work helping the Feds understand us and then us understanding the Feds we have a shared view and agreement of how our trust frameworks work together and map onto each other.  I hope this helps.

 

/mrg

 

On Aug 9, 2012, at 13:52, Jones, Mark B wrote:



I think the significant point here is that InCommon is ICAM approved (http://www.idmanagement.gov/pages.cfm/page/ICAM-TrustFramework-Provider) and that 800-63 is one of the federal standards ICAM uses to assess “the efficacy of … Trust Frameworks”.

 

The way I interpret all this is that InCommon Silver meets the 800-63 standard.

 

 

From:  [] On Behalf Of Ann West
Sent: Thursday, August 09, 2012 9:57 AM
To: 
Subject: Re: [Assurance] Remote proofing feedback from Big Ten auditors

 


Yes.

 

Ann

 

So "comparable" but "not the same"?

 

Bill

 

 


Archive powered by MHonArc 2.6.16.

Top of Page