MFA Interop Working Group

[David Walker <>]

Everyone,

Here's a proposed agenda from Karen and me for this Thursday's call (2/11/2016, 4:00-5:00 ET)

1. Welcome
2. Agenda bash
3. Use cases
• Who is going to use our profile?  Some possibilities include the InCommon/Comodo Certificate Manager and WorkDay.  Last week, we also thought there are probably research-related possibilities like CILogon.  Will people use the profile for use cases that are internal to their campuses?
• We'll want to talk to these people to answers questions about what needs to be in or out of our base-level MFA profile.
4. Continued discussion of Paul Caskey's language for the base-level MFA profile.
• "When SAML Authentication Context ‘xyz’ is used in a SAML Authentication Request or subsequent SAML Authentication Response, the meaning of that value is that a discrete second factor will always be (or was) used in the initial authentication event for the current web SSO session.  Such second factor will be resistant to phishing attempts and will be used regardless of the user’s device or location.  Normal SSO session options (duration, etc) are allowed.”
• Things we discussed last week:
• We may not want to call phishing out specifically.  There are, of course other risks, such as man-in-the-middle.
  
• Do we allow "trusted" devices?
• How long can the SSO session be?
• What questions about this language should we ask of the people responsible for our use cases?

As always:

 Dial-in numbers:
  +1-734-615-7474 (Please use if you do not pay for Long Distance)
  +1-866-411-0013 (English I2, toll free US/Canada Only)
PIN: 0148636#

Wiki space: https://spaces.internet2.edu/x/CY5HBQ
"Live scribe" meeting notes: https://docs.google.com/document/d/1adxlMCIqBIFEdrQ4J8sytV5zPqYIer7znaNp_Evqg0U/edit#heading=h.4zjjv9vxdyxi

I look forward to talking with all of you on Thursday.

David