Scribing Template
DATE: 21 November 2012
TIME: 11.45 - 12.30
ROOM: Main room
TOPIC: 2 factor authentication as a service
CONVENER: Roland van Rijswijk Deij
SCRIBE: Nicole / Brook
# of ATTENDEES: 15: Roland, Roland, Victoriano, Lalla, Milan, Niels, Martin, Marko, Joost, Tom, Klaas, Nicole, Motonori, Schuko, Anders.
MAIN ISSUES DISCUSSED
- Roland described the progress in NL in building on work done on tiqr to provide 2-factor authentication as a service: interest is high amongst NL organisations. Tentatively looking at a service called 'SURF sure'.
- Scoped as a SAML proxy at the SP.
- Could this sit on the IdP side? Ans: probably, but Roland not convinced that IdPs are able to achieve this. Possibly better in a mesh federation, whereas a hub-and-spoke federation would work with an SP-side model.
- Uses the criteria from ISO 29115. In the NL sense, most of the students can be assured up to level 4 in terms of identity vetting. This has to be managed at different levels for different (groups of) people. In terms of LoA for authentication, this should be able to cover everything from 1-4 depending on the technology used.
- Are we interested in the Google 2-factor use case? At this point in time, probably not.
- Need to address how to express LoA in SAML: SAML Authentication Context, SAML Authentication Context Classes, SAML Identity Assurance Profiles. This service will use the third and use URNs from Leif's proposal for an LoA registry (RFC 6711). This matches the InCommon Silver approach.
- Q: what if an IdP already provides an authentication context?
- Q: could this be implemented as an attribute aggregation scenario rather than a proxy scenario? (possibly, it's complex)
- Users will self-register tokens at institutions; institutions act as the trusted RA (registration authority).
- Ask Roland for copies of the architectural study (not released yet).
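An added example, not from these notes nor from the tiqr/SURF code base, sketching how an SP-side proxy of the kind scoped above could evaluate the LoA carried in an IdP's SAML AuthnContextClassRef against what an SP requires. It combines the authentication level with the ISO 29115 identity-vetting level (weakest component wins), and covers the question raised above of an IdP that already provides an authentication context: if that context already meets the requirement, no step-up is needed. The urn:example LoA URIs, the PasswordProtectedTransport mapping, and the sample assertion are constructed assumptions; RFC 6711 only establishes the registry and its entries are not reproduced here. The assertion is assumed to have been signature-checked by the proxy's SAML stack before this logic runs.

```python
# Added example (not the project's code): SP-side step-up proxy deciding whether
# the LoA in a SAML assertion satisfies the SP, following ISO 29115's rule that
# the overall level is the weakest of its components (identity vetting and
# authentication strength). Assumes the assertion signature was already verified.
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed mapping from LoA profile URIs to numeric levels. RFC 6711 sets up an
# IANA registry for such URIs; the urn:example values are constructed
# placeholders, not registered identifiers.
LOA_URI_TO_LEVEL = {
    "urn:example:loa:1": 1,
    "urn:example:loa:2": 2,
    "urn:example:loa:3": 3,
    "urn:example:loa:4": 4,
    # Plain SAML authentication context classes carry no assurance claim;
    # this example treats a password-only login as level 1 (an assumption).
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport": 1,
}

# Reverse map used when the proxy asserts the stepped-up level itself.
LEVEL_TO_LOA_URI = {
    lvl: uri for uri, lvl in LOA_URI_TO_LEVEL.items() if uri.startswith("urn:example:")
}


def asserted_authn_level(assertion_xml: str) -> int:
    """Return the authentication LoA the IdP asserted, or 0 if none/unknown.

    Only URIs the proxy has a mapping for are trusted; an unknown class
    reference counts as 'no assurance' rather than being guessed at.
    """
    root = ET.fromstring(assertion_xml)
    ref = root.find(".//saml:AuthnContextClassRef", SAML_NS)
    if ref is None or not (ref.text or "").strip():
        return 0
    return LOA_URI_TO_LEVEL.get(ref.text.strip(), 0)


def effective_level(vetting_level: int, authn_level: int) -> int:
    """ISO 29115-style overall level: the weakest component wins."""
    return min(vetting_level, authn_level)


def proxy_decision(assertion_xml: str, vetting_level: int, required_level: int) -> str:
    """Decide what the SP-side proxy should do for this login.

    'pass'    - the IdP's own authentication context already satisfies the SP.
    'step-up' - a second factor at the proxy can lift the authentication level
                to what is required (identity vetting is already sufficient).
    'deny'    - identity vetting is too weak; a second factor cannot fix that.
    """
    if vetting_level < required_level:
        return "deny"
    authn = asserted_authn_level(assertion_xml)
    if effective_level(vetting_level, authn) >= required_level:
        return "pass"
    return "step-up"


def stepped_up_context(required_level: int) -> str:
    """URI the proxy would place in AuthnContextClassRef after a successful step-up."""
    return LEVEL_TO_LOA_URI[required_level]


def sample_assertion(context_class: str) -> str:
    """Constructed minimal assertion carrying a single AuthnContextClassRef."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:AuthnStatement><saml:AuthnContext>"
        f"<saml:AuthnContextClassRef>{context_class}</saml:AuthnContextClassRef>"
        "</saml:AuthnContext></saml:AuthnStatement></saml:Assertion>"
    )


if __name__ == "__main__":
    pw_only = sample_assertion(
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    )
    print(proxy_decision(pw_only, vetting_level=3, required_level=2))  # step-up
    strong = sample_assertion("urn:example:loa:3")
    print(proxy_decision(strong, vetting_level=3, required_level=2))  # pass
    print(stepped_up_context(2))  # urn:example:loa:2
```

The "deny" branch is the point of combining vetting with authentication: a user whose identity was only vetted to level 1 does not reach level 2 by adding a token, so the proxy should not offer step-up in that case at all.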
ACTIVITIES GOING FORWARD / NEXT STEPS
- Looking for partners to maintain the software to run the service (particularly maintenance).
- What is the long-term plan for all the bits of software we are creating to support federation bits and pieces? Is this a work item for TERENA?
- Talk to Roland!
RESOURCES
- (Ask Roland for study).
- 20121122 - TF-MNM - Step-up Authn-as-a-Service update.pdf
If slides, websites or other pointers for information are used in the session, please attach them to this page or send them to the secretary for posting.
If you don't have an account on the TERENA wiki you can post your notes as a comment to this page - and they'll be incorporated into the notes and then deleted