assurance - Re: [Assurance] dept's leveraging central authentication systems ....
Subject: Assurance
List archive
- From: "Cantor, Scott" <>
- To: "" <>
- Subject: Re: [Assurance] dept's leveraging central authentication systems ....
- Date: Mon, 20 Aug 2012 14:47:17 +0000
- Accept-language: en-US
On 8/20/12 10:36 AM, "Ann West"
<>
wrote:
>
>This sentence kinda confused me but I think I know where you're going
>"and I have been interpreting "appropriate" to mean "the same as all the
>policies and procedures relevant to our IDP infrastructure." I think the
>answer is that you are correct.
>
>If you have services using your silver credential, they should conform to
>the Silver spec so the credential is not compromised. Look at the trust
>model diagram on page 4 of the IAAF and you'll see non-IdP Apps within
>the scope (shaded area) of the IAP implementation for that reason.
>
>I think this is one reason why many schools are layering on two-factor
>and using that for Silver-only apps, but I'm sure others can comment
>further.
One of the conversations I recall not seeing a conclusion on was whether
having a policy against such apps was sufficient or whether you had to
have actual technical controls in place to prevent it.
-- Scott
- [Assurance] dept's leveraging central authentication systems ...., Steven Carmody, 08/16/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Ann West, 08/20/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Cantor, Scott, 08/20/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Ann West, 08/20/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Cantor, Scott, 08/20/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Eric Goodman, 08/20/2012
- RE: [Assurance] dept's leveraging central authentication systems ...., Lovaas,Steven, 08/20/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Eric Goodman, 08/20/2012
- RE: [Assurance] dept's leveraging central authentication systems ...., Jones, Mark B, 08/20/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Eric Goodman, 08/21/2012
- RE: [Assurance] dept's leveraging central authentication systems ...., Jones, Mark B, 08/21/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Eric Goodman, 08/21/2012
- RE: [Assurance] dept's leveraging central authentication systems ...., Lovaas,Steven, 08/20/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Eric Goodman, 08/20/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Cantor, Scott, 08/20/2012
- RE: [Assurance] dept's leveraging central authentication systems ...., Jones, Mark B, 08/20/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Ann West, 08/20/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Cantor, Scott, 08/20/2012
- Re: [Assurance] dept's leveraging central authentication systems ...., Ann West, 08/20/2012
Archive powered by MHonArc 2.6.16.