...
4.2.7 Assertion Content
Scope:
Gap Analysis:
...
Management Assertion:
...
Evidence of Compliance:
No gaps were identified.
...
Management Assertion:
...
Processes are in place at Virginia Tech to ensure that information about a Subject's identity conveyed in an Assertion of identity to an SP is from an authoritative source.
...
Evidence of Compliance:
...
The Identity Attributes on the eToken PDC are based on information retrieved from the VT Enterprise Directory. These attributes are:
- User unique UID
- User Legal (Banner) Name
- eMail Address
While the SunGard Banner system is the authoritative source for most of the attributes related to people in the Enterprise Directory, the Enterprise Directory is the authoritative source for person affiliations, which are mapped to eduPersonScopedAffiliation.
Until the time at which the Virginia Tech IdP is certified by InCommon to assert an IAQ, the IdP will only assert IAQs appropriate for testing, such as http://id.incommon.org/assurance/silver-test
or http://id.incommon.org/assurance/bronze-test.
Communication between CAS and Shibboleth components of the IdP is achieved using a secure channel. XML digital signatures and encryption provide for non-repudiation and security, respectively, of messages sent from the IdP to service providers.
info coming soon
4.2.8 Technical Environment
Scope:
Gap Analysis:
No gaps were identified.
Management Assertion:
Evidence of Compliance:
...
info coming soon
Did you use Alternative Means? If yes, describe briefly the process.
...
Gap Analysis:
Management Assertion:
Evidence of Compliance:
...
What did the auditors do during the audit?
...
Gap Analysis:
Management Assertion:
Evidence of Compliance:
...
Provide any lessons learned for those just starting.
...