This page lists sample management assertions that are generic enough to adapt to most institutions' use.
The following is a proposed list of sections that may have enough commonality for us to focus on. Please feel free to edit/modify this list. So far we had agreement on 4.2.1 and 4.2.7.
Major Sections
- 4.2.1 Business, Policy and Operational Criteria
- 4.2.2 Registration and Identity Proofing
- 4.2.3 Credential Technology
  - General credential store tech used, which we could write generic assertions to cover
    - Active Directory
    - MIT Kerberos 5
    - Sun/Oracle Directory Server Enterprise Edition
    - Multi-factor
- 4.2.4 Credential Issuance and Management
- 4.2.5 Authentication Process
  - General AuthN used, which we could write generic assertions to cover
    - Shibboleth
    - Anything else?
- 4.2.7 (SAML) Assertion Content
Sub Sections
- 4.2.2.2 - Identity Verification Process
  - Are ID card offices prevalent enough, and are practices common enough, that we could write something general for this?
- 4.2.2.4.1 - Existing Relationship
  - Employees: We all have I-9s for our employees; it seems like we could write something general for this.
  - What about other campus populations like students? Any documents in common?
- 4.2.2.4.2 - In-Person Proofing
  - ID Card office or Registration Authority again?
- 4.2.2.5 - Address of Record Confirmation
  - General processes used, which we could write generic assertions to cover
    - Email single-use link
    - Mail letter with temp credential that has a limited time to live