AD-Assurance Notes from October 25
Michael Brogan, UW
Jeff Capehart, UFL
Eric Goodman, UCOP
Ron Thielen, U Chicago
David Walker, Internet2/InCommon
Ann West, Internet2/InCommon
November 1 at Noon ET
- Review of comments received from the AAC.
- Section 4.2.2
- We'll suggesting adding a statement about AD administrative accounts. Only applies to admin accounts that can affect credentials that are used by the IdP.
- In the scope, we'll add a comment that a thoughtful assessment of how AD integrates into your IdMS is critical to understanding how to apply the cookbook.
- Section 4.2.3
- We believe that it's not possible to retrieve Authentication Secrets (specifically) over the wire in 126.96.36.199.2.
- A diagram may help readers understand what verifier interactions fall under which IAP sections (and, therefore, require different types of controls).
- If Scott's interpretation for 4.2.3 holds, then we're looking at alternative means that allow some algorithms that are not "approved."
- Eric will draft a reply to Mary/Tom/Scott's note for review by us before sending to AAC.