REFEDS Assurance wg call
Monday 8 January 2018 at 15:30 CET/8:30 CST
CERN’s Vidyo portal: https://www.nikhef.nl/grid/video/?m=rawg
Tom
Pål
Michael and Jule
Alan
David L
Mikael
Notes
- Single-factor authentication profile and associated minimum requirements (Michael, Jule)
  - SFA profile: https://docs.google.com/document/d/1HOcM2o4N7Ly9elRd5OQH2dCmfjY83WBv7ZCPgFysNmE/edit?usp=sharing
    - add OIDC acr value to the profile
    - keep a reference to NIST 800-63B so that people remember it has been the underlying standard
  - Minimum requirements documents
    - approximate compliance with 800-63B
    - each new minimum requirements document (earlier: “template”) will be approved by REFEDS after a public consultation
    - keep the process to approve new minimum requirements outside this document (described on the website)
    - currently one: minimum requirements for passwords https://docs.google.com/document/d/1iUp9ls7FLlk1_xGHDLBsa1LuBxqFWTv4PyYr2cefI3A/edit?usp=sharing
    - in the future we may also have minimum requirements for one-time passwords, soft certificates, etc.
    - add extension points so that there can also be compensating controls to mitigate the risk
    - take into account that the components integrate with others -- what matters is that together they cover the requirements
  - Recipe documents
    - describe how the minimum requirements can be met with particular products or combinations of products
    - REFEDS can publish them when it adds value, but they are not exposed to a public consultation
    - currently we have: recipes to meet the minimum requirements for passwords with AD and with OpenLDAP
- mounting REFEDS Assurance Framework on OIDC
- next call
  - Monday 22 Jan at 15:30 CET/8:30 CST