
mfa-interop - RE: [MFA-Interop] FW: [refeds] Consultation: REFEDS MFA Profile

Subject: MFA Interop Working Group

  • From: Eric Goodman <>
  • To: "" <>
  • Subject: RE: [MFA-Interop] FW: [refeds] Consultation: REFEDS MFA Profile
  • Date: Wed, 1 Mar 2017 20:19:11 +0000
  • Accept-language: en-US
  • Authentication-results: incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=none action=none header.from=ucop.edu;

>> Perhaps also relevant: when the MFA Profile discussion went forward,
>> the REFEDS framework had planned to communicate authentication event
>> information via attributes; e.g.,
>> “eduPersonAssurance=REFEDS_IAP/authn/mfa” to say that MFA was done (rather
>> than AuthnContext). So much of their discussion was around how to
>> communicate authentication information at all, and wasn’t MFA/basic
>> specific.

>If the app cares, it will usually want to express that and restrict the IdP
>(which can't be done with attributes, at least not in practice), and if it
>doesn't, why communicate anything?

>But that said, that certainly explains why it wouldn't be needed, since
>expressing nothing would be pretty equivalent to basic.

For clarity, I should have said "originally". When I described our logic
behind using AuthnContexts, they modified the profile. So, as I understand it,
they are back to using AuthnContext as per the profile.

(You may recall that at one point I forwarded you my comments on this point
off-list, asking if you were fact checking me, which was when I realized you
weren't on that particular list...)

--- Eric



