Assurance

[Tom Scavo <>]

> ...if we are going to develop a two-factor solution to use
> with federated applications it should not be the Silver Profile.

That's a given. Silver does not mandate 2FA and it never will. That's not the 
problem it was designed to solve.

> Adding two-factor to Silver comes too close (or perhaps all the
> way) to satisfying level 3.  If you want two factor let's just start
> talking about a Gold profile.

Yes and no. I agree we should start working on a Gold profile, but Gold is 
not the answer to all our problems. It doesn't meet the needs of my SP, for 
instance. I need strong authentication, but I don't need strong identity.

But I'm diverging from the original intent of this thread. Silver *can* 
leverage 2FA and clearly some IdPs are planning to take advantage of that. 
That's great.

Tom