Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Risk-based AuthN in Federations

DATE: 21 November 2012

TIME: 12:15

ROOM: Alternative

TOPIC:

CONVENER: Roland vR-D.

SCRIBE: Brook

# of ATTENDEES: Montonori, Marina, Martin, Marko, Roland, Ajay, Milan, Peter, Lalla, Schuko (10)

MAIN ISSUES DISCUSSED 

  1. ...Roland's introductory comment...
  2. Is there any value in a "Federated Auth Verification/Confidence" service that people could use/add to their IdP (maybe SP) to do the "next round" of verification like facebook/google does?
    1.  i.e. a query to a service which would return - "user changed location" or "user using same eppn from different entity" or "I just want to verify the existance of a mobile for this user".
  3. Some people want to block country X but there could be legitimate users in that country.
  4. Creation of an API that was pluggable (repluggable) would create a market for implementation and research.
  5. There are parallels to SPAM detection systems. Should these be centralised
  6. Geolocation? Values can be spoofed - but will "robots" do this accurately?
  7. .Testing...

ACTIVITIES GOING FORWARD / NEXT STEPS

  1. ..Roland to follow-up with Privacy Identity (PI) Lab.

RESOURCES

  • ...

If slides, websites or other pointers for information are used in the session, please attach them to this page or send them to the secretary for posting.

...