MFA Interop Working Group

["Farmer, Jacob" <>]

Colleagues,

 

I want to prove a quick update on the Use Cases subgroup.  We met last Tuesday and our full meeting notes are in the scribing document[1].  The primary deliverable was to create a collection of generalizable use cases, that can be used to guide the specification drafting process.  The scenarios that we have outlined are:

 

§  IdP forces MFA independent of inband SP signaling

·         IdP force MFA for specific SPs (presumably as the result of an out of band negotiation/requirement) Geographic location triggering this?

·         IdP force MFA for specific users

·         IdP force MFA for capricious reasons

·         (May not require signaling)

§  SP requested MFA (signaled via some interop profile)

·         SP require MFA for all users

·         SP require MFA for specific users

·         SP require MFA for specific transactions (e.g., escalation)

·         SP request MFA non exclusively, meaning it would only allow non-MFA users access to “non-sensitive” functionality SP request no MFA to constrain costs; consider IdP as a service where there is a cost per AuthN

 

In our next call, we will work on drafting more reader-friendly versions of these, but I think that this summary provides pretty good general understanding of the group’s thinking.

 

** The request that we have for the full group is this: are you aware of any concrete use cases that do not generalize down to one of the broad use cases?  If so, please feel free to share with the list, and we will adjust the generalized use cases as we go along.

 

I’ll share another update soon.

 

Jacob

 

[1] https://docs.google.com/document/d/1adxlMCIqBIFEdrQ4J8sytV5zPqYIer7znaNp_Evqg0U/

 

=========================

Jacob Farmer

Identity Management Systems

(812) 856-0186