REFEDS Assurance wg call
Monday 12 February 2018 at 15:30 CET/8:30 CST
CERN's Vidyo portal:

Matthew E
David L
Davide V
Alan B
Pål A
Tom B
Mikael L


- review of SFA document suite

  • SFA:
    • document title: keep the name “single-factor authentication”; don’t replace “single” with “secure”. Prepare an FAQ describing how SFA differs from REFEDS MFA
    • section 1: use “Relying Party” and “Identity Provider” and provide an explanation in parentheses
    • section 3: consolidate the separate OIDC and SAML sentences into a single one.
    • section 5: no KBA at all (or set a sunset date for it)?
    • section 5: procedure to bypass authentication factor => procedure to reset authentication factor. Cross-check what NIST 800-63B states for this
    • section 5: many COTS products use 6-digit PINs. Update the section to reflect NIST 800-63B
  • memorized secrets:
    • section 4: rename column “compliant use” and add more explanatory descriptions in the column
    • section 4.C1: maximum secret length. There may be products with relatively short maximum password length. Consider removing the minimum requirement on the upper bound for password length
    • section 4.C5: it may be difficult for sites to disable password quality checks. Make password complexity checks optional (i.e. allow them)?
    • section 4.C8: consolidate the three requirements into one
  • cover the remaining comments in the next call

- next call

  • a 90 min call Monday 26 February 2018 at 15:30 CET/8:30 CST
