Step-up authentication requirements and guidelines for SPs
This document collects use-cases and requirements from the communities to describe the current state of the field.
The goal is to also derive a common pattern to guide future implementations of Step-up authentication.
Whether OIDC RPs will be targeted is not clear yet.
To be published on friday
Meetings schedule and Minutes
|2017-07-17-11 13-00 (CEST)||https://webconf.vc.dfn.de/aarc-jra1|
Discuss documents A, B, C:
|We essentially worked inside the documents. Minutes do not make sense at this point|
|2017-07-28 13:00 (CEST)||https://webconf.vc.dfn.de/aarc-jra1||Discussion of documents A, B, C|
Decided to prioritise document C
Introduced June from RZG, who is liasing for Geant to consume results of our document
Document responsibility handed to Uros,
Finalise Intro: Marcus
|2017-11-07 10:00 (CET)|
Agreed from now on to use Vidyo room:
Short review of the doc, and discussion about the future steps.
Discussion about the possible implementations of the step-up:
From the SP point of view, there are 3 use cases:
Possible description of the third use case:
|2017-12-05 10:00 (CET)||https://www.nikhef.nl/grid/video/?m=aarcjra1||Discuss evolution of SuA documents|
There will be three documents:
|2018-01-16 10:00 (CET)||https://www.nikhef.nl/grid/video/?m=aarcjra1||Followup on Step-Up and other documents||We agreed to put all definitions to the AARC1-JRA1-Terms and definitions google doc at https://docs.google.com/document/d/18AllfUKLi90f1odm6hINkQvRljbFhy9lfkY1M447uBQ|
|2018-01-30 10:00 (CET)||https://www.nikhef.nl/grid/video/?m=aarcjra1||Finalise Step-up document|
Received various comments from Mikael, Jens and Mischa
Will include step-up flows from a Geant doc of Christos (Second factor authentication component for the Life Science AAI)
Will have Session at TIIME to discuss final document
Marcus will circulate a close-to-final version on Wednesday
|2018-02-13 10:00 (CET)||https://www.nikhef.nl/grid/video/?m=aarcjra1||Finalise Step-up document|
Received comments on close-to-final version
Marcus will circulate a 'pretty-final' (=closer-to-final) version on Wednesday
The call was missing partners from
|2018-03-06 10:00 (CET)||https://www.nikhef.nl/grid/video/?m=aarcjra1||Finalise Step-up document|
Move sections 2 and 4 to appendix
Open consultation about the recommendations
|2018-03-13 10:00||https://www.nikhef.nl/grid/video/?m=aarcjra1||Finalise Step-up document||Closed final comments in the document. Document frozen for the internal review at Geant (many thanks!!)|
|2018-03-20 10:00||https://www.nikhef.nl/grid/video/?m=aarcjra1||Finalise Step-up document|
|2018-03-27 10:00||https://www.nikhef.nl/grid/video/?m=aarcjra1||Information on finalisation process||Additional recommendation regarding the home-IdP to announce his capability to do MFA added to the document.|
|2018-04-04 10:00||https://www.nikhef.nl/grid/video/?m=aarcjra1||Information on finalisation process|
We had further discussion on the document over easter. In addition to wording, changes were mostly regarding whether and how the home-IdP announces his MFA capability. This part was moved to conlcusions, because it's not quite clear yet.
We also discussed whether we recommend that IdPs SHOULD inform whether they have MFA or whether they HAVE TO (in the sense that it would not make much sense otherwise). We agreed on SHOULD.