REFEDS Assurance wg call
Monday 12 February 2018 at 15:30 CET/8:30 CST
CERN’s Vidyo portal: https://www.nikhef.nl/grid/video/?m=rawg
Matthew E
David L
Davide V
Alan B
Pål A
Tom B
Mikael L
Notes
- review of SFA document suite
- SFA: https://docs.google.com/document/d/1HOcM2o4N7Ly9elRd5OQH2dCmfjY83WBv7ZCPgFysNmE/edit
- document title: keep the name single-factor authentication and don’t replace single with secure. Prepare FAQ to describe how SFA is different from REFEDS MFA
- Section 1: use “Relying Party” and “Identity Provider” and provide explanation in parenthesis
- Section 3: consolidate the separate OIDC and SAML sentences into a single one.
- Section 5: no KBA at all (or set a sunset date for it)?
- Section 5: "procedure to bypass authentication factor" => "procedure to reset authentication factor". Cross-check what NIST 800-63B states for this
- Section 5: many COTS products use 6-digit PINs. Update the section to reflect NIST 800-63B
- memorized secrets: https://docs.google.com/document/d/1iUp9ls7FLlk1_xGHDLBsa1LuBxqFWTv4PyYr2cefI3A/edit
- Section 4: rename column "compliant use" and add more explanatory descriptions in the column
- Section 4.C1: maximum secret length. There may be products with a relatively short maximum password length. Consider removing the minimum requirement on the upper bound for password length
- Section 4.C5: it may be difficult for sites to disable password quality checks. Make password complexity checks optional (i.e. allow them)?
- Section 4.C8: consolidate the three requirements into one
- cover the remaining comments in the next call
- next call
- a 90 min call Monday 26 February 2018 at 15:30 CET/8:30 CST