assurance - Re: [Assurance] silver, 2-factor, password requirements
Subject: Assurance
List archive
- From: Tom Scavo <>
- To:
- Subject: Re: [Assurance] silver, 2-factor, password requirements
- Date: Thu, 29 Nov 2012 17:07:34 -0500 (EST)
> I'm not sure what you mean by "legal identity".
According to the IAP, "Identity proofing in this IAP is based on
government-issued ID or public records," so I'm referring to the identity
information obtained as a result of that identity proofing process.
> To me the question
> of what LoA is required is answered by evaluating the risk to your
> application as described in OMB M-04-04. For example what are the
> consequences of someone impersonating a valid user or a valid user
> claiming that their credential was not under their control to avoid
> accountability.
We already did a risk assessment for our app:
https://spaces.internet2.edu/x/OIjNAQ
Two-factor authentication has been identified as a possible control. The cost
of a 2FA deployment has fallen dramatically in the last year, so that's the
direction we're heading.
> If you don't care about the ability to hold the
> user accountable isn't Bronze sufficient? If you do care, relaxing
> identity proofing seems counterproductive.
The user isn't the responsible party in this case since we have a signed
agreement with the user's organization. This is basically how it works with
most (all?) SaaS apps.
Tom
- [Assurance] silver, 2-factor, password requirements, Steven Carmody, 11/27/2012
- Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/27/2012
- Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/28/2012
- RE: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/28/2012
- Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/28/2012
- RE: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/28/2012
- Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/28/2012
- RE: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/28/2012
- Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/29/2012
- Re: [Assurance] silver, 2-factor, password requirements, Cantor, Scott, 11/29/2012
- RE: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/29/2012
- Re: [Assurance] silver, 2-factor, password requirements, Cantor, Scott, 11/29/2012
- Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/28/2012
- RE: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/29/2012
- Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/29/2012
- RE: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/29/2012
- Re: [Assurance] silver, 2-factor, password requirements, Michael R. Gettes, 11/30/2012
- Re: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/30/2012
- Re: [Assurance] silver, 2-factor, password requirements, Farmer, Jacob, 11/30/2012
- Re: [Assurance] silver, 2-factor, password requirements, Tom Barton, 11/30/2012
- RE: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/28/2012
- Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/28/2012
- RE: [Assurance] silver, 2-factor, password requirements, Jones, Mark B, 11/28/2012
- Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/28/2012
- Re: [Assurance] silver, 2-factor, password requirements, Tom Scavo, 11/27/2012
Archive powered by MHonArc 2.6.16.