On a previous Assurance call, there had been a request for a campus to develop an Alternative Means for Satisfying Assurance Criteria for use of Duo Security Two-Factor Authentication. http://www.incommon.org/duo/
Texas A&M and Penn State have expressed interest, and this will be discussed further during Identity Week, Nov. 11-15.
Shib IdP Enhancements Progress https://spaces.at.internet2.edu/display/InCAssurance/Shibboleth+Enhancements+-+Project+Status
David Walker reported that the Shibboleth IDP Enhancements Project is in acceptance testing now. The enhancements will enable a Shibboleth IdP to support the InCommon Assurance Program's multiple assurance profiles, as well as other authentication contexts that may be defined by IdPOs and their partners. This work could be used to support Multi-Factor Authentication and the work emerging from the Internet2 Scalable Privacy Project. The SP specifies one or more AuthN contexts that it will accept in receiving an identity assertion. The decision of what AuthN options to present to the user are based on what the SP requests, and on information about the user (retrieved from the IdM system) regarding what AuthN contexts that user is certified for (bronze or silver).
It was noted that the CommIT project may also benefit from this Shibboleth Enhancement.
Ann noted that it was initially thought that an alternative means would be required for AD and Silver. But the Cookbook has described the fact that an alternative means is not necessarily needed, depending on the architecture of how a site is using AD.
If there are further comments, please send them to the list or send them to Ann and she will forward them.
Reading Bronze to Begin in DecemberBronze
Ann reported that over the last several months, a number of individuals have expressed interest in discussing the interpretation of the Bronze (and later Silver) profile specifics.