Skip to Content.
Sympa Menu

assurance - Re: [Assurance] silver, 2-factor, password requirements

Subject: Assurance

List archive

Re: [Assurance] silver, 2-factor, password requirements


Chronological Thread 
  • From: "Cantor, Scott" <>
  • To: "" <>
  • Subject: Re: [Assurance] silver, 2-factor, password requirements
  • Date: Fri, 30 Nov 2012 02:59:39 +0000
  • Accept-language: en-US
On 11/29/12 9:40 PM, "Jones, Mark B"
<>
wrote:

>I strongly disagree. You can't lump ALL RPs in the "doesn't care" column.

Certainly not all, and "doesn't care" is perhaps an overstatement, but
"most", and "dealt with out of band or with contracts or with much less
formalism" is self-evidently the norm to me.

>Strong binding (well... at least LoA2) between authentication credentials
>and their owners has been critical for every use case I have been
>involved with. These are cases that deal with HIPAA, FERPA, PII, PHI.
>Maybe these are edge cases, but identity vetting less than Silver would
>be a show stopper.

I don't think anything is a show stopper if liability is addressed
somewhere, somehow. This is just one tool for it.

-- Scott



Archive powered by MHonArc 2.6.16.

Top of Page