REFEDS Assurance wg call
Monday 8 January 2018 at 15:30 CET/8:30 CST
CERN’s Vidyo portal:

Michael and Jule
David L



  • Single-factor authentication profile and associated minimum requirements (Michael, Jule)
    • SFA profile:
      • add OIDC acr value to the profile
      • keep a reference to NIST 800-63B so that people remember it has been the underlying standard
    • Minimum requirements documents
      • approximates compliance with 800-63B
      • each new minimum requirement document (earlier: “template”) will be approved by REFEDS after a public consultation
      • keep the process to approve new minimum requirements outside this document (described in the website)
      • currently one: minimum requirements for passwords
      • in the future we may also have minimum requirements for one-time passwords, soft certificates, etc.
      • add extension points so that there can also be compensating controls to mitigate the risk
      • take into account that the components integrate with others -- what matters is that together they need to cover the requirements
    • Recipe documents
      • describe how the minimum requirements can be met with particular products or combination of products
      • REFEDS can publish them when it adds value but they are not exposed to a public consultation
      • currently we have: recipe to meet minimal requirements for passwords with AD and with OpenLDAP


  • Next call
    • Monday 22 Jan at 15:30 CET/8:30 CST