REFEDS Assurance wg call
Monday 8 January 2018 at 15:30 CET/8:30 CST
CERN’s Vidyo portal: https://www.nikhef.nl/grid/video/?m=rawg

Tom
Pål
Michael and Jule
Alan
David L
Mikael

Notes

 

  • Single-factor authentication profile and associated minimum requirements (Michael, Jule)
    • SFA profile: https://docs.google.com/document/d/1HOcM2o4N7Ly9elRd5OQH2dCmfjY83WBv7ZCPgFysNmE/edit?usp=sharing
      • add OIDC acr value to the profile
      • keep a reference to NIST 800-63B so that people remember it has been the underlying standard
    • Minimum requirements documents
      • approximates compliance with 800-63B
      • each new minimum requirement document (earlier: “template”) will be approved by REFEDS after a public consultation
      • keep the process to approve new minimum requirements outside this document (described in the website)
      • currently one: minimum requirements for passwords https://docs.google.com/document/d/1iUp9ls7FLlk1_xGHDLBsa1LuBxqFWTv4PyYr2cefI3A/edit?usp=sharing
      • in the future we may also have minimum requirements for one-time passwords, soft certificates, etc.
      • add extension points so that there can also be compensating controls to mitigate the risk
      • take into account that the components integrate with others -- what matters is that together they need to cover the requirements
    • Recipe documents
      • describe how the minimum requirements can be met with particular products or combination of products
      • REFEDS can publish them when it adds value but they are not exposed to a public consultation
      • currently we have: recipe to meet minimal requirements for passwords with AD and with OpenLDAP

 


  • Next call
    • Monday 22 Jan at 15:30 CET/8:30 CST