Notes from the 11/27/2013 Cohortium Meeting

Action Items

• Everyone is asked to review MFA Business Drivers, Deployment Decision Tree and Integration Patterns and How Much Security Is Enough? and send comments to the list.  Assuming no unresolved comments by our next call, these documents will be promoted to "official" Cohortium documents.
  • Mike Grady may be making some small tweaks to the diagrams. He'll send mail to the list when they are ready.

Highlights

• Enterprise Deployment Strategies for Multi-Factor Authentication and Multi-Factor Authentication Solution Evaluation Criteria were approved as "official" Cohortium documents.
• InCert presentation by Jim Jokl
  • Jim's slides: InCert-MFA-Cohortium-20131127.pdf
  • Common device on-boarding tools for personal X.509 certificates.
    • Windows, MacOS, iOS, and Android are or will be supported.
  • Focus is to support "standard assurance," i.e., the level of identity proofing and credential issuance already in place at the institution.
  • InCert can be configured to enforce client configuration requirements for screen savers, administrator credentials, when the credential store must be unlocked with a password, etc.
  • The question was raised as to whether InCert could be used as part of LoA-3's multi-factor authentication compliance. The primary issue is when LoA-3 would require the certificate store to be unlocked (the second factor), either only at the start of a session or for each use of the certificate.  Since InCert can be configured to require either option, LoA-3 compliance is probably possible with InCert.
  • The InCert project is looking for testers.  Send mail to incert-info@internet2.edu if you're interested.