assurance - Re: [Assurance] silver and two-factor ...
Subject: Assurance
List archive
- From: "Joe St Sauver" <>
- To:
- Subject: Re: [Assurance] silver and two-factor ...
- Date: Tue, 13 Mar 2012 11:10:11 -0800 (PST)
"Jones, Mark B"
<>
commented:
#Perhaps the interest in two-factor is actually an indication of the
#need for Gold assurance?
Just to get one latent issue explicitly onto the table, I would note
that not all two-factor solutions are equal, at least not if the
Assurance Program's "metal levels" are going to be mapped to NIST
800-63 LOA's.
Thus, choice of a soft cryptographic token, or a one time password device,
or a hard cryptographic token, would be satisfactory for 800-63 LOA-3 (and
what we might arguably assume will be "Gold").
LOA-4, however, mandates use of a *hard* cryptographic token and that
significantly reduces the options for whatever authentication technology
will be used for whatever we call what will be beyond Gold ("Platinum"?).
In fact, I'd argue that the ONLY practical option that exists for LOA-4
is PKI hard tokens/smart cards, at least as I read NIST 800-63. (see
SP800-63 v 1.0.2 at PDF page 44-48)
Regards,
Joe
- RE: [Assurance] silver and two-factor ..., (continued)
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/16/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/16/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/16/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/16/2012
- RE: [Assurance] silver and two-factor ..., Dunker, Mary, 03/16/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/16/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/16/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Russell J Yount, 03/14/2012
Archive powered by MHonArc 2.6.16.