AD-Assurance Notes from April 19

Lee Amenya, UCSD
Brian Arkills, UWash
Erik Coleman, UIllinios
Eric Goodman, UCOP
Ron Thielen, UChicago
David Walker, InCommon/Internet2
Ann West, InCommon/Internet2

Next Call

April 26 at Noon ET
+1-734-615-7474 PREFERRED

Agenda: Discuss Questions for Microsoft.

Action Items

  •  Everyone add questions for Microsoft to Questions for Microsoft in preparation for a call with Microsoft, hopefully our May 3 call.


  • There's a difference between compromising a credential and compromising a Kerberos ticket.  As long as the tickets used by the IdP are protected, we probably don't need to worry so much about compromise of other tickets.  It's still a security concern, but not specifically one affecting Silver compliance.
  • It's not clear how secure AD's password-setting interfaces are.  We'll ask Microsoft.
  • Kerberos Armoring looks like it can help with RC4 encryption issues.  NASA tells us, though, that it is not widely deployed, and it looks like it requires Windows 8.  We'll ask Microsoft about this.
  • No labels