Cohortium Subgroups

==>  Initial Cohortium Subgroup Membership  <==

The following subgroups address specific areas of interest related to multi-factor authentication. They were distilled from Common Threads from the Applications below.

  • Business Case Subgroup. This subgroup addresses the reasons an institution might want to deploy multi-factor authentication.
  • Deployment Strategies Subgroup. This subgroup addresses deployment issues for multi-factor authentication.
  • Technology Issues Subgroup. This subgroup addresses common technical issues for multi-factor authentication.
  • Product and Vendor Issues Subgroup. This subgroup addresses issues related to specific multi-factor authentication products and services. NOTE: this group was merged into the Technology Issues Subgroup in October 2013, and ceased to operate as a separate subgroup at that point.

The subgroups will serve as forums for discussion of issues of interest to the subgroup members. They will also serve to create artifacts to be used as part of the Cohortium's final product of a report and repository of information for other that follow.  The types of artifacts we would expect include:

  • Significant issues discussed
  • Use cases
  • Strategies for addressing the issues and use cases
  • Case studies of deployments

Common Threads from the Applications

The following represent some MFA interests that were expressed by multiple institutions in their Cohortium applications. Whether there is enough interest or need to create a subgroup in any of these areas is one thing we'll all want to explore.

  • Assurance as use case
  • Use cases involving VPN, ERPs, shell access, confidential/sensitive data access (HIPAA, PCI, financial, FERPA, ePHI, PII), password resets, first-use devices/BYOD, etc.
  • Business Case/risk management; sufficient to secure funding
  • Adaptive/context-aware/risk-based use
  • As part of strategic IAM/IdM/MFA roadmap
  • SSO environment integration:
    • CAS
    • Shibboleth
    • Other – local/open source, commercial (e.g. Oracle Adaptive Access Manager (OAAM), LastPass Enterprise, Citrix Access Gateway)
  • Integration with Microsoft technologies
  • Integration with Oracle Suite
  • Technologies and their integration
    • Duo
    • Yubikeys
    • Smart cards
    • User-based digital certificates
  • Deployment strategies
    • Require by user/service
    • Users can choose to use/opt-in
  • Influencing vendors
  • Concerns: poor cell phone coverage in region; hardware compatibility; scalability; federation; personal certs registration model/linkage with token; strong auth for Macintosh
  • No labels