assurance - RE: [Assurance] silver and two-factor ...
Subject: Assurance
List archive
- From: "Roy, Nicholas S" <>
- To: "" <>
- Subject: RE: [Assurance] silver and two-factor ...
- Date: Wed, 14 Mar 2012 17:16:09 +0000
- Accept-language: en-US
A question I have is what kind of authentication services are schools running
who feel that they can use passwords to achieve Silver? Specifically, what
is your central source of authentication? What will end up providing the
verifier role to your Silver-compliant IdP? What kind of clients of this
service do you have (ERPs, *.webapp, workstations (Windows, OS X, Linux,
other?), printers, file servers, network appliances, etc.) How tightly
controlled is access to the service? What kinds of authentication endpoints
are available (LDAP, LDAPS, Kerberos, RADIUS, web services, etc.) how are
those endpoints protected and from what network scope can clients connect to
them (only on-campus, off campus, only via a VPN, other?) Do you provision
passwords to other authentication services that aren't your central provider?
How do you plan to assess and/or enforce client behavior (for example, use
of SSL for web forms that validate passwords against your authentication
service), or do you consider that out of scope?
I'm not saying you can't use passwords to achieve Silver, but the project
complexity seems pretty high in a big, heterogeneous campus environment.
Nick
-----Original Message-----
From:
[mailto:]
On Behalf Of Steven Carmody
Sent: Tuesday, March 13, 2012 11:48 AM
To:
Subject: [Assurance] silver and two-factor ...
I'm wondering why so many sites that are interested in Silver are so
interested in two-factor....
I haven't looked at the Silver profile in a long time. But, my memory is
that strong passwords, stored sufficiently securely, and not replicated
into uncontrolled environments (eg google), would pass muster with
Silver. I'm assuming, of course, that the other Silver criteria (eg
around identity proofing, account claiming, etc) would also be met.
I can imagine that there may be issues with those passwords passing
through a variety of systems (eg systems that are then authenticating
users against a central ldap, for instance). But, that's just a guess --
I would be interested in hearing about specific concerns that are
driving sites toward two-factor.
Thanks for any light you can shine on this!
- Re: [Assurance] silver and two-factor ..., (continued)
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Caskey, Paul, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Frazier, William S [ITSYS], 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Dunker, Mary, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Christopher Bongaarts, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Farmer, Jacob, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Christopher Bongaarts, 03/13/2012
- Re: [Assurance] silver and two-factor ..., Frazier, William S [ITSYS], 03/13/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/14/2012
- RE: [Assurance] silver and two-factor ..., David Walker, 03/14/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/15/2012
- Re: [Assurance] silver and two-factor ..., David Bantz, 03/15/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/15/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/15/2012
- Re: [Assurance] silver and two-factor ..., David Bantz, 03/15/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/15/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/15/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/15/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/15/2012
- Re: [Assurance] silver and two-factor ..., David Bantz, 03/15/2012
- Re: [Assurance] silver and two-factor ..., David Bantz, 03/15/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/15/2012
- RE: [Assurance] silver and two-factor ..., David Walker, 03/14/2012
Archive powered by MHonArc 2.6.16.