# of ATTENDEES: 15: Roland, Roland, Victoriano, Lalla, Milan, Niels, Martin, Marko, Joost, Tom, Klaas, Nicole, Motonori, Schuko, Anders.

MAIN ISSUES DISCUSSED 

  1. Roland described the progress in NL in building on work done on tiqr to provide 2-factor authentication as a service: interest is high amongst NL organisations.  Tentatively looking at a service called 'SURF sure'.
  2. Scoped as a SAML proxy at the SP.
  3. Could this sit on the IdP side? Ans: probably, but Roland is not convinced that IdPs are able to achieve this.  Possibly better in a mesh federation, whereas a hub-and-spoke federation would work with an SP-side model.
  4. Uses the criteria from ISO 29115.  In the NL sense, most of the students can be assured up to level 4 in terms of identity vetting.  This has to be managed at different levels for different (groups of) people. In terms of LoA for authentication, this should be able to cover everything from 1-4 depending on the technology used.
  5. Are we interested in the Google 2-factor use case?  At this point in time, probably no.
  6. Need to address how to express LoA in SAML: SAML Authentication Context, SAML Authentication Context Classes, SAML Identity Assurance Profiles.  This service will use the third and use URNs from Leif's proposal for an LoA registry (RFC 6711). This matches the InCommon Silver approach.
  7. Q: what if an IdP already provides an authentication context?
  8. Q: could this be implemented as an attribute aggregation scenario rather than a proxy scenario? (possibly, it's complex)
  9. Users will self-register tokens at institutions, institutions act as trusted RA.
  10. Ask Roland for copies of the architectural study (not released yet).

If slides, websites or other pointers for information are used in the session, please attach them to this page or send them to the secretary for posting.