Assurance

["Dunker, Mary" <>]

> If that were true, why introduce a second factor?

I would agree with you in thinking most IdPs would not introduce a 2nd factor 
if all the requirements were met with the "shared Authentication Secret."  
However, I don't think we can predict what sorts of implementations IdPs may 
propose, especially considering the Higher Ed realm. There is also some 
flexibility built into the framework that allows the IdP to present a case 
for "alternatives" that InCommon will review. Since multi-factor 
implementations are outside the scope of the IAP, I think they will need to 
be reviewed on a case by case basis.

Mary

-----------------------------------------------------------------
Mary Dunker
Director, Secure Enterprise Technology Initiatives
Virginia Tech Information Technology
1700 Pratt Drive
Blacksburg, VA 24060
540-231-9327

 
--------------------------------------------------------------------


-----Original Message-----
From: 

 
[mailto:]
 On Behalf Of Tom Scavo
Sent: Thursday, November 29, 2012 4:55 PM
To: 

Subject: Re: [Assurance] silver, 2-factor, password requirements



> The CIC schools' multi-factor working group thought at least one of 
> the factors would need to meet all the Silver requirements.

If that were true, why introduce a second factor? In any case, this advice 
doesn't seem to align with the spirit and intent of the IAP: "If other 
Credentials are used to authenticate the Subject to the IdP, they must meet 
or exceed the effect of these requirements."

?

Tom