Assurance

["Cantor, Scott" <>]

On 11/30/12 2:29 PM, "Jones, Mark B" 
<>
 wrote:

>So is your argument that the data managed in Federation Manager is not
>owned by InCommon and thus InCommon bares none of the risk?

Yes, and I'm fairly sure that InCommon's participation agreement
explicitly outlines that it bears no risk.

>And because of this, are you saying that the member organizations can
>analyze their own risk in isolation and decide for themselves what
>procedure to use to issue credentials to their administrators and thus
>what LoA that credential meets?  Doesn't this mean that the Federation
>Manager shouldn't care how administrators authenticate?

I think there are two sets of accounts here, one that InCommon manages and
the delegated ones. I believe that it's InCommon's choice what risk they
can accept in terms of authentication strength for the credentials it's
issuing.

On the delegated side, I could be wrong, but I believe that in fact it's
*entirely* true that InCommon doesn't care how they authenticate. I didn't
think we were expecting to require anything in particular for them, and I
don't see anything on the Delegated Admin page that mentions it. So I
think you're dead on.

>If InCommon doesn't care who is authenticating that sounds like Bronze to
>me.

IMHO, passwords are hopeless, and no amount of entropy matters when there
are secret questions in place to reset them. If you want to avoid all
that, but leave out proofing, it's not Bronze. And it's not Silver. So
whatever it is, it's something else.

-- Scott