THIS CONSULTATION IS NOW CLOSED. EDITS MADE AFTER 22/06/2018 WILL NOT BE CONSIDERED AS PART OF THE CONSULTATION.
The REFEDS MFA Profile.Profile has been developed to complement the existing
The SFA Profile has been developed by the GÉANT Joint Research Activity on T&I Future Technologies and through discussion and preliminary consultation with the REFEDS Assurance Group. Particular attention has been paid to ensuring that the SFA Profile makes sense within the context of the REFEDS Assurance Framework proposal, which is the subject of a parallel consultation. For more information, see the Assurance Working Group space.
Mikael Linden has written a useful background blog on the consultation.
The consultation CLOSED on Friday 22nd June 2018.
Participants are invited to:
- Review and comment on the proposed REFEDS SFA Profile and its suitability for publication as a REFEDS profile.
Following the consultation, all comments will be taken back to the Assurance working group for review and, if appropriate, the Profile will then be forwarded to the REFEDS Steering Committee for sign-off and publication on the REFEDS website as per the REFEDS participants agreement.
Change Log for the REFEDS SFA Profile Consultation. Please fill in your comments and change requests below. Line numbers are available in the document for ease of reference.
|Number||Line / Reference||Proposed Change or Query||Proposer||Action / Decision (please leave blank)|
|1||General||The proposal sticks quite closely to NIST's guidelines (https://pages.nist.gov/800-63-3/sp800-63b.html) - it would be helpful to add a statement on whether these guidelines are in line with NIST 800-63B to allow people to self audit more easily||Hannah Short (CERN)||All NIST references were removed from the main document to avoid the impression that there is a connection to the NIST guidelines. Only the terminology used is aligned with NIST which is stated in the newly created appendix A.|
|2||Chapter 4, Table||Could those pools be opened, from where this amount of characters is taken from? Like "e.g. 52 letters (a-z)(A-Z)"||Sami Silén (CSC)||Appendix B was added which contains some examples of character sets.|
|3||Chapter 4, Table||Kind of minor notice, but might be something to open up a little bit. Reading this table after reading these NIST guidelines, I had problems understanding that second line in each "Authenticator type". It didn't mean secrets chosen randomly by the CSP (which was the assumption I had got from the NIST document). Both of the lines are subscriber chosen and length is just different because of wider pool.||Sami Silén (CSC)||Appendix A was added which defines the authenticator types used in the profile. This avoids the need to look into the NIST guidelines. Appendix B provides some examples, which should make it clear how to use the table.|
|4||Chapter 4, list||Suggest giving the required conditions names, so they can be referenced. E.g. SFA-1 (secret strength), SFA2 (secret lifetime), SFA3 (replacement). Not sure if it's worth referring to the sub-options.||Jens Jensen (STFC)||The unordered list in section 4 has been replaced by a numbered list for easy referencing.|