Child pages
  • Assurance Implementation Example - Virginia Tech

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

4.2.7 Assertion Content

Scope:
Gap Analysis:

 No gaps were identified.

Management Assertion:

Processes are in place at Virginia Tech to ensure that information about a Subject's identity conveyed in an Assertion of identity to an SP is from an authoritative source. 

...

Evidence of Compliance:

...

       info coming soonThe Identity Attributes on the eToken PDC are based on information retrieved from the VT Enterprise Directory. These attributes are:

  • User unique UID
  • User Legal (Banner) Name
  • eMail Address

While the SunGard Banner system is the authoritative source for most of the attributes related to people in the Enterprise Directory, the Enterprise Directory is the authoritative source for person affiliations, which are mapped to eduPersonScopedAffiliation.

Until the time at which the Virginia Tech IdP is certified by InCommon to assert an IAQ, the IdP will only assert IAQs appropriate for testing, such as http://id.incommon.org/assurance/silver-test or http://id.incommon.org/assurance/bronze-test.

Communication between CAS and Shibboleth components of the IdP is achieved using a secure channel. XML digital signatures and encryption provide for non-repudiation and security, respectively, of messages sent from the IdP to service providers. 

      

4.2.8 Technical Environment

Scope:
Gap Analysis:

No gaps were identified. 

Management Assertion:
Evidence of Compliance:

...

      info coming soon

Did you use Alternative Means? If yes, describe briefly the process.

...

Gap Analysis:
Management Assertion:
Evidence of Compliance:

...

What did the auditors do during the audit?

...

Gap Analysis:
Management Assertion:
Evidence of Compliance:

...

Provide any lessons learned for those just starting.

...