Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Subject:RE: [Assurance] comments on draft MFA Interop WG documents
Date:Wed, 4 May 2016 13:48:10 +0000
From:Cantor, Scott <> <>

> I hope we don't need to require an addendum for MFA...
> > I think the intent was for self-assertion.

I won't speak for the WG, but while working on the material, I had been operating under the assumption this was not an assurance category at all but a self-asserted AuthnContextClassRef (in SAML terms), just like many others defined in SAML already. Thus the idea of a self-asserted category to go with a self-asserted AuthnContext seemed redundant (but that may prove not to be the case for other reasons). I didn't actually notice the naming convention in the URI included the word assurance, and tend to think that may be confusing as a result and worth reconsidering before this finalizes. Sometimes the obvious doesn't hit you when you're staring at it closely. -- Scott

Subject:RE: [Assurance] comments on draft MFA Interop WG documents
Date:Wed, 4 May 2016 14:00:43 +0000
From:Jokl, James A. (Jim) (jaj) <> <>

+1 I made it to many of the calls and always had the self-asserted picture in my mind as the basic perspective -- that this was about passwords no longer being adequate and what is the new baseline authentication. I still think of this stuff as "Standard Assurance" - good for whatever applications you used to just use and ID/Password for - but I get Scott's point too about the name. Note that this work took a nice low bar on the technical side - almost anything that you can call a second factor is acceptable -- and there is no discussion about identity proofing. All good for self-asserted, perhaps less so if people were thinking differently. Jim