Skip to Content.
Sympa Menu

mfa-interop - Re: [MFA-Interop] Agenda for the 2/18/2016 MFA Interoperability Profile Working Group call

Subject: MFA Interop Working Group

List archive

Re: [MFA-Interop] Agenda for the 2/18/2016 MFA Interoperability Profile Working Group call


Chronological Thread 
  • From: Nick Roy <>
  • To: MFA Interoperability Profile Working Group <>
  • Subject: Re: [MFA-Interop] Agenda for the 2/18/2016 MFA Interoperability Profile Working Group call
  • Date: Wed, 17 Feb 2016 22:30:41 +0000
  • Accept-language: en-US
  • Authentication-results: incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=none action=none header.from=internet2.edu;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:23
Michael Gettes from Penn State might be good to contact about Workday.  They are in the middle of an implementation.  I think UW is, too, maybe Jim Phelps and / or Nathan Dors?  I think we need Workday use cases from the customers, not the vendor.

Nick

From: <> on behalf of David Walker <>
Date: Wednesday, February 17, 2016 at 3:05 PM
To: MFA Interoperability Profile Working Group <>
Subject: [MFA-Interop] Agenda for the 2/18/2016 MFA Interoperability Profile Working Group call

Everyone,

Here's a reminder of this Thursday's MFA Interoperability Profile Working Group call (2/18/2016, 4:00-5:00 ET).  As always:

 Dial-in numbers:
  +1-734-615-7474 (Please use if you do not pay for Long Distance)
  +1-866-411-0013 (English I2, toll free US/Canada Only)
PIN: 0148636#

Wiki space: https://spaces.internet2.edu/x/CY5HBQ
"Live scribe" meeting notes: https://docs.google.com/document/d/1adxlMCIqBIFEdrQ4J8sytV5zPqYIer7znaNp_Evqg0U/edit#heading=h.4zjjv9vxdyxi


A proposed agenda from Karen and me follows; it's also in our "live scribe" document.  I look forward to talking with all of you on Thursday.

David


Agenda

  1. Welcome

  2. Agenda bash

  3. FYI:  GTRI Trustmark Pilot.  Specific trustmark definitions are at https://trustmark.gtri.gatech.edu/operational-pilot/trustmark-definitions/

  4. FYI:  The use cases we’ve identified so far:

    • InCommon Certificate Manager (Paul/Nick/Comodo)

    • Federation Manager (Paul/Nick)

    • WorkDay (we'll need to find someone to contact)

      • Other cloud services?

    • LIGO (Scott Koranda)

      • Other VOs?

    • Federal services (FICAM)

    • Intra-campus use cases (Dave Langenberg)

      • Probably others.

  5. Answering our current questions

    • See table below.

    • Which should we answer in our base-level MFA profile?

    • Which should we leave for future work?

    • How many can we answer today?


Current Questions

Question

Base-Level MFA

Future Required Trustmark

Future Optional Trustmark

1

Do we want to call phishing out specifically? There are, of course, other risks, such as man-in-the-middle.


2

Do we allow "trusted" access devices (PCs, phones, etc.)?


3

How long can the SSO session be?


4

Do we allow "fail open?"


5

Is a second factor that is unlocked with the first factor (e.g., VOIP phone) really a second factor?


6

Can a second factor be registered solely on the basis of the first factor?


7

In general, is the registration process "strong enough?"


8



9



10



11



12






Archive powered by MHonArc 2.6.16.

Top of Page