2013-08-05 - Product and Vendor Issues Subgroup Notes

Action Items

• Mike Wiseman will summarize this call during the full Cohortium call on Wednesday, 8/7.

Highlights

• Advocacy as an objective is good, but we may not represent a large enough segment of the market to influence vendors.  Our influence more likely comes from our involvement in the NSTIC as a market segment with more experience than most.
• Information we could collect from Cohortium participants
  • Experiences with specific MFA products.
  • Use cases and experiences integrating MFA products into specific environments (e.g., Microsoft, federation).  Some people will have experiences, and some will have only use cases; both are of interest.
    • We want to encourage the use of common "identity provider" systems (e.g., Shibboleth, CAS, Radius), when possible.  Sometimes this is not possible, however; for example, specific SPs may not allow it.  Also, it is sometimes more effective to evolve a strategy from individual SPs to common identity providers.
  • Summary of the capabilities of token and biometric vendors.  Joe St Sauver has summarized phone-based vendors.
• Not all use cases are interactive.  APIs may also require multi-factor authentication.
• We discussed arranging vendor presentations but decided not to take action at this time.  We'll reconsider after collecting more information about needs for MFA. Vendors that were discussed included:
  • OneID
  • Toopher
  • Entrust
• If there are vendors who should be participating in the Cohortium.  Feel free to point them to our wiki, especially the ground rules for vendor participation, the Internet2 intellectual property policy, and the membership application.  If you do this, please send a note to the list, however, so we know it's a Cohortium member recommended application.