TF-OpenSpace – Session 2, room 7. 16 October 2013.
Led by: Joost van Dijk. Notes: Brook Schofield (SURFnet) and Jaime Perez Crespo (UNINETT)
Attendees:
Problem:
- What service would we like to protect with 2-factor authentication?
- Is it valuable by itself? Without LoAs?
- How to support SPs not supporting AuthnContexts?
Services
SURFconext has a wide variety of IdPs -> a gateway (hub) model is useful for that range of IdPs and the services they want to interact with.
Use Cases:
- Research Infrastructure within eduGAIN (Virtual Organisations)
- Payroll outsourced to an external service, which makes institutional IDs a more attractive phishing target.
- Institutional requirements that selected services NOT rely on the institutional IdP alone.
- IGTF has an in-person ID vetting process. A compatible version would be useful to a broader audience (TCS Personal/eScience).
- Medical datasets have identified ID-vetting requirements, but no requirement for higher authentication levels.
Guest IdP + ID vetting => useful to give the "same" assurance as institutional accounts.
SURFnet are exploring the "market" for vetting solutions that will scale (in addition to institutional vetting processes).
- Lots of partners possible.
- Need to look outside NL with wider groups.
- Ensure that vetting process is equivalent/compatible.
Verizon have a process to support LoA3 (supported by USA gov't) and may commercialise.
LoA
AuthN enhancement (stronger authentication) vs. identity LoA (how well the person was vetted).
3-dimensional problem: ID proofing; AuthnContext; attribute assurance (covered by a different open-space topic).
There could be value in keeping ID proofing and AuthnContext separate from the point of view of "the service".
Usability for 2 factor?
USA Institutions have developed Per User Opt-In
When do you need to reauth? (every login, 2 times per day, every 2 days, etc).
User can control some aspects of on/off.
Automatically off on devices that cannot support the 2 factor options deployed.
Delegated workflow: an authoritative person can allow you to bypass the 2nd factor (e.g. when the device is misplaced); that person effectively becomes the 2nd factor.
Identity Proofing LoA | AuthnContext LoA | SuaaS (Step-up Authentication as a Service) support |
---|---|---|
4 | 4 | Not Yet |
4 | 3, 2 & 1 | Yes |
3, 2 & 1 | * | Not planned |
AuthnContext
The OASIS Authn Context List is extensive: http://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf
Do Shibboleth and/or simpleSAMLphp support this?
IdPs seem to assert the "Password" class (spec section 3.4.8) where "PasswordProtectedTransport" (3.4.9) would be more appropriate for a password sent over HTTPS.
Multi-Context AuthN -> Shibboleth IdP 2.3 extension with a 2013 release date: https://wiki.shibboleth.net/confluence/display/SHIB2/Multi-Context+Broker
Duo/SafeNet provide Shibboleth extensions (deployment size unknown).
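Added worked example (not from the session, and not SuaaS, Shibboleth or simpleSAMLphp code): how a gateway/SP checks the AuthnContextClassRef asserted by an IdP against a RequestedAuthnContext, treating "Password" as weaker than "PasswordProtectedTransport", and how it can fall back to a per-SP configured minimum for SPs that cannot send a RequestedAuthnContext at all. The entity IDs, the per-SP policy table, the ranking of classes and the sample messages are constructed assumptions; signature verification is out of scope and must happen before any of this is trusted.

```python
"""Check a SAML 2.0 assertion's AuthnContext against what a service requires.

Added example for these notes (not SuaaS/Shibboleth/simpleSAMLphp code).
Entity IDs, SP_MINIMUM and RANK are assumptions for illustration. Signature
verification is deliberately omitted: a real gateway verifies the
Response/Assertion signature before trusting anything parsed here.
"""
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
PASSWORD = AC + "Password"                    # OASIS authn context spec 3.4.8
PPT = AC + "PasswordProtectedTransport"       # spec 3.4.9: password over TLS
MOBILE_2FA = AC + "MobileTwoFactorContract"   # spec 3.4.7

# Assumed ordering so "minimum"/"better"/"maximum" can be evaluated. The OASIS
# list defines classes, not a total order; each deployment picks its own.
RANK = {PASSWORD: 1, PPT: 2, MOBILE_2FA: 3}

# Hypothetical gateway policy: minimum class per SP, used when the SP itself
# cannot send a RequestedAuthnContext (the question raised in the notes).
SP_MINIMUM = {"https://payroll.example.org/sp": MOBILE_2FA,
              "https://wiki.example.org/sp": PPT}

# Constructed sample messages (not real captures).
REQUEST_WITH_CONTEXT = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req1" Version="2.0"
    IssueInstant="2013-10-16T10:00:00Z">
  <saml:Issuer>https://wiki.example.org/sp</saml:Issuer>
  <samlp:RequestedAuthnContext Comparison="minimum">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

REQUEST_WITHOUT_CONTEXT = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req2" Version="2.0"
    IssueInstant="2013-10-16T10:01:00Z">
  <saml:Issuer>https://payroll.example.org/sp</saml:Issuer>
</samlp:AuthnRequest>"""


def build_response(class_ref):
    """Constructed (unsigned) IdP Response asserting the given class ref."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2013-10-16T10:00:05Z" InResponseTo="_req1">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2013-10-16T10:00:05Z">
    <saml:Issuer>https://idp.example.org</saml:Issuer>
    <saml:AuthnStatement AuthnInstant="2013-10-16T10:00:04Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""


def requested_context(request_xml):
    """Return (Comparison, [class refs]) from the AuthnRequest, or (None, [])."""
    rac = ET.fromstring(request_xml).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None, []
    comparison = rac.get("Comparison", "exact")  # "exact" is the spec default
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    return comparison, refs


def asserted_context(response_xml):
    """Return the AuthnContextClassRef from the first AuthnStatement, or None."""
    ref = ET.fromstring(response_xml).find(
        ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    return ref.text.strip() if ref is not None and ref.text else None


def satisfies(asserted, comparison, refs):
    """Apply SAML RequestedAuthnContext comparison semantics using RANK."""
    ranks = [RANK[r] for r in refs if r in RANK]
    if asserted not in RANK or not ranks:
        return False  # unknown class or nothing usable requested: fail closed
    if comparison == "exact":
        return asserted in refs
    a = RANK[asserted]
    if comparison == "minimum":
        return a >= min(ranks)
    if comparison == "better":
        return a > max(ranks)
    if comparison == "maximum":
        return a <= max(ranks)
    return False


def decide(sp_entity_id, request_xml, response_xml):
    """Gateway decision: (accepted, reason). Uses SP_MINIMUM when the SP is silent."""
    asserted = asserted_context(response_xml)
    comparison, refs = requested_context(request_xml)
    if not refs:
        minimum = SP_MINIMUM.get(sp_entity_id)
        if minimum is None:
            return False, "no RequestedAuthnContext and no gateway policy for SP"
        comparison, refs = "minimum", [minimum]
    ok = satisfies(asserted, comparison, refs)
    verb = "satisfies" if ok else "does not satisfy"
    return ok, f"asserted {asserted} {verb} {comparison} of {refs}"


if __name__ == "__main__":
    for sp, req, resp in [
        ("https://wiki.example.org/sp", REQUEST_WITH_CONTEXT, build_response(PASSWORD)),
        ("https://wiki.example.org/sp", REQUEST_WITH_CONTEXT, build_response(PPT)),
        ("https://payroll.example.org/sp", REQUEST_WITHOUT_CONTEXT, build_response(PPT)),
        ("https://payroll.example.org/sp", REQUEST_WITHOUT_CONTEXT, build_response(MOBILE_2FA)),
    ]:
        print(sp, decide(sp, req, resp))
```

The first case is the situation noted above: an SP asking for at least PasswordProtectedTransport receives an assertion that only says Password, so it is rejected even though the IdP probably did use HTTPS. The payroll case shows the gateway applying its own minimum when the SP sends no RequestedAuthnContext.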
[ACTION]Fork SuaaS to support the wider community.
[ACTION] Perfect Paper Passwords (PPP) as an OTP option.