
[Assurance] dept's leveraging central authentication systems ....


  • From: Steven Carmody <>
  • To:
  • Subject: [Assurance] dept's leveraging central authentication systems ....
  • Date: Thu, 16 Aug 2012 15:45:38 -0400

I'm writing to ask whether I'm "over-interpreting" a section of the Silver profile.

Section 4.3.6, #3 states:

If Authentication Secrets used by the IdP (or the IdP’s Verifier) are
exposed in a transient fashion to non-IdP applications (for example,
when users sign on to those applications using these Credentials),
the IdPO must have appropriate policies and procedures in place to
minimize risk from this exposure.

I've been interpreting this to mean ....

-- if a campus believes that its password-based mechanisms are Silver-compliant....

-- if there are machines or services where the password of a Silver-certified user passes through those services in plaintext form

-- then the campus MUST have "appropriate policies and procedures in place to minimize risk from this exposure"

-- and I have been interpreting "appropriate" to mean "the same as all the policies and procedures relevant to our IdP infrastructure". Equivalent would also probably work here, but I don't want to start down that slippery slope just yet.

An easy example of this situation is a dept web server with some protected content that is authenticating against the central LDAP server.

My question is: am I using too strict a definition of "appropriate"?

What are others in this same situation doing?

Thanks!
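The department-web-server case raised in the post, as an added example that is not from the original message, from the Silver profile, or from any campus's actual configuration: an Apache httpd fragment in which the department server itself takes the user's central password (HTTP Basic auth, then an LDAP bind against the campus directory), so the credential is exposed in the clear to that server for the duration of every request, beside the alternative in which the same content is protected by a Shibboleth SP session and the password is entered only at the IdP. The hostnames, base DN, module paths and URL paths are assumptions.

```apache
# Pattern 1 -- the situation described in the post: the department httpd
# process receives the central password. mod_authnz_ldap decodes the
# Basic-auth header and binds to the campus directory with the user's
# own password, so the plaintext credential is held in this process
# (and is one careless LogFormat or debug setting away from being
# written to disk on a box the IdP operator does not control).
# Hostnames, DNs and paths are assumptions, not the poster's.
LoadModule ldap_module       modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
# Server-context directive: refuse an LDAPS server with a bad certificate.
LDAPVerifyServerCert On

<Location "/protected-ldap">
    AuthType Basic
    AuthName "Department content"
    AuthBasicProvider ldap
    # Basic auth is base64, not encryption: never allow it over plain HTTP.
    SSLRequireSSL
    # LDAPS to the directory, so the same password is not also exposed
    # on the wire between this server and the directory.
    AuthLDAPURL "ldaps://ldap.example.edu/ou=People,dc=example,dc=edu?uid?sub?(objectClass=person)"
    # If the directory does not permit anonymous search, a service
    # account is also needed here, which puts a second long-lived
    # central credential on the department box:
    #   AuthLDAPBindDN       "uid=deptweb,ou=Services,dc=example,dc=edu"
    #   AuthLDAPBindPassword "<stored in the clear in this file>"
    Require valid-user
</Location>

# Pattern 2 -- same content, but the department server never sees the
# password. The Shibboleth SP module redirects the browser to the IdP,
# the IdP does the password verification, and only a signed assertion
# (attributes such as eppn, plus whatever assurance value the IdP
# asserts) comes back to this host.
LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so

<Location "/protected-sso">
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    Require shib-session
</Location>
```

In the first block the department process holds the user's central password while it handles the request, and any AuthLDAPBindDN account password persists in the config file; that is exactly the transient exposure to a non-IdP application that section 4.3.6 #3 talks about, and it is why the host then needs the same handling as the IdP's own verifiers. In the second block the department host holds only the SP's own signing key and the attributes the IdP chooses to release, so the central Authentication Secret never leaves the IdP.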


