Skip to Content.
Sympa Menu

assurance - Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches

Subject: Assurance

List archive

Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches


Chronological Thread 
  • From: Ann West <>
  • To:
  • Subject: Re: [Assurance] RE: [confluence] InC-Assurance > Remote-Proofing Approaches
  • Date: Fri, 10 Aug 2012 08:35:36 -0400 (EDT)
ICAM did not certify Google. OIX did.
http://www.idmanagement.gov/pages.cfm/page/ICAM-TrustFramework-IDP

And regarding Google not being certified at Silver, InCommon does offer the
option of submitting comparable alternatives. I think Google's bigger problem
is that they are a corporate entity and are not eligible to participate in
InCommon's Assurance Program.

Ann



----- Original Message -----
>
>
> > The fact that Google and others have gone to the trouble of
> > becoming
> > ICAM approved is evidence that 800-63 is gaining traction as a
> > standard "in the broader marketplace".
>
> No, I don't think so. Google is simply acknowledging the fact that
> IdPs will ultimately be categorized with respect to their
> trustworthiness. Jumping on the ICAM bandwagon is perhaps the best
> way to distinguish yourself as an IdP, at least for the moment.
>
> Note that Google could not possibly certify as InCommon Bronze since
> they don't meet the password entropy requirements. However, Google
> employs risk-based authentication measures that mitigate some of the
> same threats that password entropy addresses. AFAIK, there's nothing
> about risk-based authentication in 800-63 but apparently ICAM thinks
> Google's approach deserves LoA-1.
>
> Tom
>

Archive powered by MHonArc 2.6.16.

Top of Page