AD-Assurance Notes from September 20
Brian Arkills, U Washington
Jeff Capehart, UFL
Eric Goodman, UCOP
Mark Rank, UCSF
David Walker, Internet2/InCommon
Ann West, Internet2/InCommon
September 27 at Noon ET
- Discussion of implications of AAC interpretation feedback on the Cookbook, the questions for Microsoft, and our "parking lot" items
- Start public review of the Cookbook after our next call?
- Action Items
- Eric will edit the Cookbook to reflect the past two call's discussions by Tuesday, 9/24.
- Everyone will review Eric's draft and comment by end of day on Wednesday, 9/25.
- Eric will make final (for now) revisions to the Cookbook for discussion in next Friday's call (9/27).
- After next Friday's call, Ann will announce that the Cookbook is available for public review and put it on the next Assurance Implementers agenda. Public review will close in time for us to discuss the feedback in our 11/8 call.
- We decided that IAP section 220.127.116.11 Strong Protection of Authentication Secrets, Item 3 should be within scope for the Cookbook, because of the AAC's interpretation of 18.104.22.168 Resist Eavesdropper Attack.
- The "Monitor and Mitigate" strategy no longer needs to be an Alternative Means statement, as it now applies only to 22.214.171.124.3. We will still present it, however, as a suggested means for complying with 126.96.36.199.3. As a result, we will be proposing no Alternative Means statements.
- We will not modify our questions for Microsoft as a result of the reinterpretation of 188.8.131.52.
- We have dispensed with all of the issues in the Parking Lot.
- The Cookbook is now in a "feature freeze," after the addition of 184.108.40.206.3.