Mark Rank, UCSF
David Walker, InCommon/Internet2
Michael Brogan, UWash
Jeff Capehart, UFL
Ron Thielen, UChicago
Lee Amenya, UCSD
Jeff Whitworth, UNC-Greensboro
Eric Goodman, UCOP
Ann West, InCommon/Internet2
Next Call
March 29 at Noon ET
+1-734-615-7474 PREFERRED
+1-866-411-0013
0195240#
Agenda: Ron's AM, updates to AIs and impacts on the matrix, next matrix criteria
Old
Ann will work with Debbie Bucci (NIH) to set up calls with Federal Agencies that have certified IdPs.
New
Ron will upload BitLocker information to the wiki.
Lee will check into recommendations for AD password store replication.
Mark to fill in 4.2.3.6.2 and 3.
Michael to update the existing rows to reflect today's discussion.
Eric to fill in 4.2.5.1, 4.2.5.2, 4.2.8.2.1 and review if there are other gaps besides protected channels.
Ron would like a peer review of his Alternative Means document on the wiki. We'll include this on the agenda of the next call, but folks are encouraged to comment in email.
Matrix Discussion
4.2.3.4 Stored Authn Secrets (S)
Only need to address one of the 3 password storage alternatives
Alternative 2
[AI] Ron will upload BitLocker information to the wiki.
Could also use FIPS 140-2 encrypted hard drives
4.2.3.5 Basic Protection of Authn Secrets
4.2.3.6 Strong Protection of Authn Secrets
1b. Protected Channel
Focus on native issues for AD. Only identified use case was password store replication among AD servers.
Note about the Cookbook: Provide clear direction about practices that clear the bar and AM.
[AI] Mark to fill in 4.2.3.6.2 and 3.
[AI] Michael to update the existing rows to reflect today's discussion.
[AI] Eric to fill in 4.2.5.1, 4.2.5.2, 4.2.8.2.1. If we can determine how to handle protected channels, these may fall out under that. Eric will review if there are other gaps besides protected channels.