AD-Assurance Notes from September 20

Brian Arkills, U Washington
Jeff Capehart, UFL
Eric Goodman, UCOP
Mark Rank, UCSF
David Walker, Internet2/InCommon
Ann West, Internet2/InCommon

Next Call

September 27 at Noon ET 
+1-734-615-7474 PREFERRED
+1-866-411-0013

0195240#

Agenda:

  • Discussion of implications of AAC interpretation feedback on the Cookbook, the questions for Microsoft, and our "parking lot" items
  • Start public review of the Cookbook after our next call?

Notes

  • Action Items
    • Eric will edit the Cookbook to reflect the past two call's discussions by Tuesday, 9/24.
    • Everyone will review Eric's draft and comment by end of day on Wednesday, 9/25.
    • Eric will make final (for now) revisions to the Cookbook for discussion in next Friday's call (9/27).
    • After next Friday's call, Ann will announce that the Cookbook is available for public review and put it on the next Assurance Implementers agenda.  Public review will close in time for us to discuss the feedback in our 11/8 call.
  • We decided that IAP section 4.2.3.6 Strong Protection of Authentication Secrets, Item 3 should be within scope for the Cookbook, because of the AAC's interpretation of 4.2.5.2 Resist Eavesdropper Attack.
  • The "Monitor and Mitigate" strategy no longer needs to be an Alternative Means statement, as it now applies only to 4.2.3.6.3.  We will still present it, however, as a suggested means for complying with 4.2.3.6.3.  As a result, we will be proposing no Alternative Means statements.
  • We will not modify our questions for Microsoft as a result of the reinterpretation of 4.2.5.2.
  • We have dispensed with all of the issues in the Parking Lot.
  • The Cookbook is now in a "feature freeze," after the addition of 4.2.3.6.3.
  • No labels