This is a collaboration space for the Deployment Strategies Subgroup of the MFA Cohortium. Unless otherwise designated, everything contained here should be viewed as a work in progress, subject to change without notice.

The Deployment Strategies Subgroup explores common deployment issues related to the deployment of multi-factor authentication.  Issues include:

  • Requirements for users and services
  • Options for users (e.g., user choice to require MFA)
  • Strategies for inclusion of naive users and users who may be reluctant to use the new technology.
  • Policy and legal issues (e.g., FERPA, HIPAA)
  • Registration and credentialing
  • Frameworks (e.g., NIST 800-63) and principles for deploying multi-factor authentication
  • Operational Issues

Meetings

The Deployment Strategies Subgroup meets every other week via conference call on alternate Fridays, 2:00p-3:00p ET, starting August 2, 2013.

The deployment@lists.cohortium.internet2.edu list is used for communication between meetings.

Work in Progress

White Papers

Topics for Future Discussion

  • How does (should?) MFA affect SSO session lifetime? What are the best practices?
  • Strategies for achieving acceptance of requirements to use MFA?
    • Increased session timeouts
    • Physical characteristics of tokens and how they're used
    • Require MFA only when needed (for specific roles/services, or in specific geographic locations)
    • Start with an opt-in deployment to build a community of enthusiasts
  • No labels