...
| Subject: | RE: [Assurance] comments on draft MFA Interop WG documents |
|---|---|
| Date: | Wed, 4 May 2016 13:48:10 +0000 |
| From: | Cantor, Scott <cantor.2@osu.edu> |
| Reply-To: | assurance@incommon.org |
| To: | assurance@incommon.org <assurance@incommon.org> |
> I hope we don't need to require an addendum for MFA...
> > I think the intent was for self-assertion.
I won't speak for the WG, but while working on the material, I had been operating under the assumption this was not an assurance category at all but a self-asserted AuthnContextClassRef (in SAML terms), just like many others defined in SAML already. Thus the idea of a self-asserted category to go with a self-asserted AuthnContext seemed redundant (but that may prove not to be the case for other reasons). I didn't actually notice the naming convention in the URI included the word assurance, and tend to think that may be confusing as a result and worth reconsidering before this finalizes. Sometimes the obvious doesn't hit you when you're staring at it closely. -- Scott
| Subject: | RE: [Assurance] comments on draft MFA Interop WG documents |
|---|---|
| Date: | Wed, 4 May 2016 14:00:43 +0000 |
| From: | Jokl, James A. (Jim) (jaj) <jaj@virginia.edu> |
| Reply-To: | assurance@incommon.org |
| To: | assurance@incommon.org <assurance@incommon.org> |
+1 I made it to many of the calls and always had the self-asserted picture in my mind as the basic perspective -- that this was about passwords no longer being adequate and what is the new baseline authentication. I still think of this stuff as "Standard Assurance" - good for whatever applications you used to just use and ID/Password for - but I get Scott's point too about the name. Note that this work took a nice low bar on the technical side - almost anything that you can call a second factor is acceptable -- and there is no discussion about identity proofing. All good for self-asserted, perhaps less so if people were thinking differently. Jim
...