Mailing list: firstname.lastname@example.org
LIGO (Scott Koranda)
Scott Koranda has asked and received from InCommon a mail list targeted at InCommon Participant “Government and Nonprofit Laboratories, Research Centers, and Agencies” organizations. He will in the next few days start a thread to try and get input from those organizations. If any input is received he will summarize and bring it back to this call.
Federal services (FICAM)
Intra-campus use cases (Dave Langenberg)
University System use-cases (Brett Bieber)
ERP systems shared by multiple campuses, e.g. PeopleSoft or SAP shared by University of Nebraska and Nebraska State Colleges, e.g. Nebraska Federation
Certain users of the ERP system may require MFA, e.g. users with access to edit or view PII of other individuals.
Students do not require MFA
Faculty or specific staff are required to use MFA
Users may have an identity in one or more IDPs, one or more of which, supports MFA
- Same example as Brett describes, plus:
- ERP system has the ability to do a local "stronger user authentication" function; perhaps MFA via telephony to a user's contact phone number.
- System requests mfa-basic-level profile authentication (potentially conditionally based on function being access), but will accept a weaker authentication if MFA is not supported at the user's campus (invoking the local authn instead).
- Individual campuses (and individual users) are expected to be provisioned to campus-managed MFA support on unaligned schedule, so ERP can't assume that all campuses (and users) CAN login using campus-managed MFA.