Comment: Migration of unmigrated content due to installation of a new plugin

Some institutions are exploring using multi-factor authentication technologies to meet InCommon Silver standards. Motivators include deficiencies in processes for identity proofing, insecure methods for distributing credentials, and non-compliant passwords for existing credentials. Implementing multi-factor in a way that complies with Silver will help improve processes and security.

Using multi-factor technologies to meet InCommon Silver requirements is a challenge because the IAP is designed to address credentials based on an Authentication Secret used for authentication of the subject to the IdP. A typical Authentication Secret is something you know such as a password or passphrase. Additional factors - something you have or something you are - are not addressed in the IAP. Section 4.2.3 of the IAP states, "If other Credentials are used to authenticate the Subject to the IdP, they must meet or exceed the effect of these requirements," and there are several references to NIST [SP 800-63] throughout this section. Therefore, institutions may wish to seek guidance from NIST [SP 800-63] to justify assertions that their multi-factor implementation meets or exceeds the requirements.

A multi-factor working group was formed with participants from the CIC InCommon Silver Project. Their work is summarized in a discussion of multi-factor implementations and examples. Comments and questions regarding the sample implementations are welcome.

...

Multi-factor Implementation Examples 


Identity Assurance Profile (IAP) is designed to address credentials based on an Authentication Secret used for authentication of the subject to the IdP. A typical Authentication Secret is something you know such as a password or passphrase. Additional factors—something you have or something you are—are not addressed in the IAP. Section 4.2.3 of the IAP states, "If other Credentials are used to authenticate the Subject to the IdP, they must meet or exceed the effect of these requirements." Since there are several references to NIST [SP 800-63] throughout this section, institutions may wish to seek guidance from that NIST publication to justify assertions that their multi-factor deployment meets or exceeds the requirements.

...

Multi-factor Deployment Examples

...

...
