mfa-interop - Re: [MFA-Interop] Changes based on conversation on today's call
Subject: MFA Interop Working Group
List archive
- From: Nick Roy <>
- To: Fredrik Åslund <>, Eric Goodman <>
- Cc: "" <>
- Subject: Re: [MFA-Interop] Changes based on conversation on today's call
- Date: Fri, 29 Apr 2016 14:08:42 +0000
- Accept-language: en-US
- Authentication-results: umu.se; dkim=none (message not signed) header.d=none;umu.se; dmarc=none action=none header.from=internet2.edu;
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:23
I think this highlights the futililty of trying to achieve a perfectly secure
solution with this or any other authentication profile, but it's a very valid
point nonetheless.
Nick
On 4/29/16, 12:17 AM,
"
on behalf of Fredrik Åslund"
<
on behalf of
>
wrote:
>On Thu, 28 Apr 2016, Eric Goodman wrote:
>
>> Hi all,
>>
>> I put some proposed changes in the Usage Guidance document based on our
>> conversation today. They are all entered as suggestions, so they are
>> clearly marked (and undoable):
>>
>>
>> * Added a section called "Types of Factors" that calls out that
>> two different passwords is not compliant with the profile.
>>
>> * Modified the language about factors that are accessible using
>> only the first factor per suggestions on the call.
>>
>> o Focus was on inserting the text: "is no more secure than the single
>> factor by itself" as an explanation of why it is not considered sufficient.
>>
>Do not underestimate the other way around, for example a "second factor"
>mobile phone, with "first factor" password stored in login forms in the
>web browser in the phone.
>
>/Fredrik
>
>> * Same change made to the "reregistration" example.
>>
>> * Added text about SPs needing to validate returned
>> <AuthnContextClassRef> values in the "Considerations" section.
>>
>> o Scott, I did already take a stab to make it more strongly focus on
>> validating the values in responses, rather than focusing on "not trusting"
>> the request by itself, but of course feel free to further edit.
>>
>> In the Base Level profile, I also suggested changes to remove the language
>> that the profile will "establish a base over which other profiles can be
>> defined".
>>
>> --- Eric
>>
>
>Fredrik Åslund
>----------------------------------
>System Administrator
>IT-stöd och systemutveckling (ITS)
>Umeå University
>901 87 Umeå
>Sweden
>----------------------------------
>Telefon: +46 (0)90 786 65 43
>Mobil: +46 (0)70 303 78 36
>----------------------------------
>
>www.its.umu.se
- [MFA-Interop] Changes based on conversation on today's call, Eric Goodman, 04/28/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, Fredrik Åslund, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, Nick Roy, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, David Langenberg, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, Nick Roy, 04/29/2016
- RE: [MFA-Interop] Changes based on conversation on today's call, Roger A Safian, 04/29/2016
- RE: [MFA-Interop] Changes based on conversation on today's call, David Langenberg, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, Scott Koranda, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, Keith Hazelton, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, Bellina, Brendan, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, Nick Roy, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, Ann West, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, Keith Hazelton, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, Scott Koranda, 04/29/2016
- RE: [MFA-Interop] Changes based on conversation on today's call, David Langenberg, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, David Langenberg, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, Nick Roy, 04/29/2016
- Re: [MFA-Interop] Changes based on conversation on today's call, Fredrik Åslund, 04/29/2016
- RE: [MFA-Interop] Changes based on conversation on today's call, Eric Goodman, 04/29/2016
Archive powered by MHonArc 2.6.16.