AD-Assurance Notes from October 25

Michael Brogan, UW
Jeff Capehart, UFL
Eric Goodman, UCOP
Ron Thielen, U Chicago
David Walker, Internet2/InCommon
Ann West, Internet2/InCommon

Next Call

November 1 at Noon ET 
+1-734-615-7474 PREFERRED



  • Review of comments received from the AAC.


  • Section 4.2.2
    • We'll suggest adding a statement about AD administrative accounts. It only applies to admin accounts that can affect credentials that are used by the IdP.
    • In the scope, we'll add a comment that a thoughtful assessment of how AD integrates into your IdMS is critical to understanding how to apply the cookbook.
  • Section 4.2.3
    • We believe that it's not possible to retrieve Authentication Secrets (specifically) over the wire in
    • A diagram may help readers understand what verifier interactions fall under which IAP sections (and, therefore, require different types of controls).
    • If Scott's interpretation for 4.2.3 holds, then we're looking at alternative means that allow some algorithms that are not "approved."
  • Eric will draft a reply to Mary/Tom/Scott's note for review by us before sending to AAC.