Risk-based AuthN in Federations
DATE: 21 November 2012
TIME: 12:15
ROOM: Alternative
TOPIC:
CONVENER: Roland vR-D.
SCRIBE: Brook
# of ATTENDEES: Montonori, Marina, Martin, Marko, Roland, Ajay, Milan, Peter, Lalla, Schuko (10)
MAIN ISSUES DISCUSSED
- ...Roland's introductory comment...
- Is there any value in a "Federated Auth Verification/Confidence" service that people could use/add to their IdP (maybe SP) to do the "next round" of verification like facebook/google does?
- i.e. a query to a service which would return - "user changed location" or "user using same eppn from different entity" or "I just want to verify the existance of a mobile for this user".
- Some people want to block country X but there could be legitimate users in that country.
- Creation of an API that was pluggable (repluggable) would create a market for implementation and research.
- There are parallels to SPAM detection systems. Should these be centralised
- Geolocation? Values can be spoofed - but will "robots" do this accurately?
- ...
ACTIVITIES GOING FORWARD / NEXT STEPS
- Roland to follow-up with Privacy Identity (PI) Lab.
RESOURCES
- ...
If slides, websites or other pointers for information are used in the session, please attach them to this page or send them to the secretary for posting.
If you don't have an account on the TERENA wiki you can post your notes as a comment to this page - and they'll be incorporated into the notes and then deleted.