assurance - RE: [Assurance] silver and two-factor ...
Subject: Assurance
List archive
- From: "Jones, Mark B" <>
- To: "" <>
- Subject: RE: [Assurance] silver and two-factor ...
- Date: Fri, 16 Mar 2012 11:36:15 -0500
- Accept-language: en-US
- Acceptlanguage: en-US
Tom,
You say you have an SP that requires two-factor authentication. I think we
need to begin talking in terms of level of assurance. The question is what
LoA does your SP require. For instance, I use a Google OTP for my Google
account but I assume the LoA of that authentication is still something less
than level 2. And if you are talking in terms of NIST 800-63, two-factor
might refer to levels 3 or 4. Does your SP require Level 3 authentication?
-----Original Message-----
From:
[mailto:]
On Behalf Of Tom Scavo
Sent: Friday, March 16, 2012 11:18 AM
To:
Subject: Re: [Assurance] silver and two-factor ...
> By configuring the IdP to use a 2-factor
> authentication handler when it provides authentication for a service
> which indicates that it needs it (via metadata), we have abstracted
> the complexity of dealing with 2-factor authentication away from the
> application- as long as it's a web app.
Agreed (in principle). Note that SPs do not indicate their desire for 2FA via
metadata, however. They request it just-in-time via the AuthnRequest. The
problem is that there is no agreed upon qualifier to signal such an exchange,
so the SP doesn't know what to request and the IdP doesn't know what to
assert.
I run an SP that *requires* 2FA, so I'm feeling the pain. I don't know if
there are other such SPs. If there were significant numbers of such SPs, that
might justify writing a specification that addresses this use case.
Tom
- RE: [Assurance] silver and two-factor ..., (continued)
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/15/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/15/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/15/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/15/2012
- RE: [Assurance] silver and two-factor ..., Roy, Nicholas S, 03/16/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/16/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/16/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/16/2012
- RE: [Assurance] silver and two-factor ..., Dunker, Mary, 03/16/2012
- Re: [Assurance] silver and two-factor ..., Tom Scavo, 03/16/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/16/2012
- RE: [Assurance] silver and two-factor ..., Jones, Mark B, 03/13/2012
- RE: [Assurance] silver and two-factor ..., Russell J Yount, 03/14/2012
Archive powered by MHonArc 2.6.16.