mfa-interop - RE: [MFA-Interop] FW: [refeds] Consultation: REFEDS MFA Profile
Subject: MFA Interop Working Group
- From: Eric Goodman <>
- To: "" <>
- Subject: RE: [MFA-Interop] FW: [refeds] Consultation: REFEDS MFA Profile
- Date: Wed, 1 Mar 2017 23:58:12 +0000
>> With their attribute based model, they allowed an SP to say "I require
>> minimum good-entropy" (lower level than MFA) and for the IdP to respond
>> with "I did MFA".
>How would they expect the SP to say that?

Hmmm. Looks like the SP doesn't literally request, but indicates they want
profile information sent. Conforming IdPs just populate the
eduPersonAssurance values appropriate to what was done, and the SP examines
and makes decisions based on the assertion.

The current draft doesn't have the old language around MFA vs. other levels
of authentication, so I don't know or remember how/if it signaled the need
for MFA "on the wire" vs. expecting the SP to display "hey dummy, log in
again but use MFA this time" in a message to the end user.

--- Eric