...
Risk-based AuthN in Federations
DATE: 21 November 2012
TIME: 12:15
ROOM: Alternative
TOPIC:
CONVENER: Roland vR-D.
SCRIBE: Brook
# of ATTENDEES: Montonori, Marina, Martin, Marko, Roland, Ajay, Milan, Peter, Lalla, Schuko (10)
MAIN ISSUES DISCUSSED
- ...Roland's introductory comment...
- Is there any value in a "Federated Auth Verification/Confidence" service that people could use/add to their IdP (maybe SP) to do the "next round" of verification like facebook/google does?
- i.e. a query to a service which would return - "user changed location" or "user using same eppn from different entity" or "I just want to verify the existance of a mobile for this user".
- Some people want to block country X but there could be legitimate users in that country.
- Creation of an API that was pluggable (repluggable) would create a market for implementation and research.
- There are parallels to SPAM detection systems. Should these be centralised
- Geolocation? Values can be spoofed - but will "robots" do this accurately?
- .Testing...
ACTIVITIES GOING FORWARD / NEXT STEPS
- ..Roland to follow-up with Privacy Identity (PI) Lab.
RESOURCES
- ...
If slides, websites or other pointers for information are used in the session, please attach them to this page or send them to the secretary for posting.
...