assurance - RE: [Assurance] silver, 2-factor, password requirements

  • From: "Jones, Mark B" <>
  • To: "" <>
  • Subject: RE: [Assurance] silver, 2-factor, password requirements
  • Date: Thu, 29 Nov 2012 20:40:16 -0600
  • Accept-language: en-US

I strongly disagree. You can't lump ALL RPs in the "doesn't care" column.
Strong binding (well... at least LoA2) between authentication credentials and
their owners has been critical for every use case I have been involved with.
These are cases that deal with HIPAA, FERPA, PII, PHI. Maybe these are edge
cases, but identity vetting less than Silver would be a show stopper.

-----Original Message-----
From: [mailto:] On Behalf Of Cantor, Scott
Sent: Thursday, November 29, 2012 4:59 PM
To:
Subject: Re: [Assurance] silver, 2-factor, password requirements

On 11/29/12 5:07 PM, "Tom Scavo" <> wrote:

>The user isn't the responsible party in this case since we have a
>signed agreement with the user's organization. This is basically how it
>works with most (all?) SaaS apps.

And it's left to the organization to decide how much they care about the
identity of their users, but that's not a cross-organizational assurance
requirement.

Where this breaks down a bit is trying to federate access to resources in
that scenario as opposed to just running silos. Mostly it's still left to the
users owning resources to decide how to care about the binding between
identifiers and people. The RP doesn't care.

-- Scott
