assurance - Re: [Assurance] comments on draft MFA Interop WG documents

Subject: Assurance

  • From: "Basney, Jim" <>
  • To: InCommon Assurance <>
  • Subject: Re: [Assurance] comments on draft MFA Interop WG documents
  • Date: Tue, 10 May 2016 13:41:50 +0000
  • Accept-language: en-US

Hi,

>What does it mean for an IdP to "support MFA?" Is it the ability to issue
>assertions in compliance with the MFA profile for at least one member of
>its community?

Yes.

In XSEDE we would conclude that researchers on that campus can use MFA for
federated authentication to XSEDE resources, so XSEDE doesn't need to
issue separate MFA tokens to those researchers. For more info on campus
researchers using XSEDE, see: https://www.xsede.org/campus-champions

>Should the ability to issue assertions in compliance with the Base Level
>profile also be included so that SPs that prefer MFA but will accept
>anything else can do that with a single authentication request? This
>would imply that the ability to assert Base Level be required of all
>members of the IdP's community.

Yes.

I thought the InCommon Assurance program already defined a base LOA to
replace the POP. Any news on that?

>Would a formal institutional declaration of compliance with the MFA
>profile cause you to trust its MFA assertions more?

Yes.

>Could that declaration be as simple as a box in the Federation Manager
>that would be checked by the site administrator

Yes.

Sincerely,
Jim Basney
XSEDE's InCommon Site Administrator