Child pages
  • REFEDS assurance vc 2018-03-23
Skip to end of metadata
Go to start of metadata

REFEDS Assurance wg telco
Friday 23 March 2018 at 14:30 CET/8:30 CDT
CERN’s Vidyo portal: https://www.nikhef.nl/grid/video/?m=rawg

Alan B
Eskil S
Jule Z
Pål A
Mikael L

Notes

- new SFA profile format: https://docs.google.com/document/d/1ZjpzyYWZhqjbTeIzxX9Vug9Whqb9YEkK29e1FBjL5VM/edit#

  • participantes liked the new format better
  • SFA is better than base which has already a meaning in InCommon
  • discussion if “more secure” SFA will be needed later – no clear consensus
  • section 4 first table
    • asterisk not explained in table header
    • memorized secrets. 62-71 –> 10 characters. Add example characterset pool (a-z and A-Z etc). Refrain from imposing character complexity requirements
    • lifetime of the secrets in row 2 is not made explicit. Does an item in row 2 assume the secret is locked after a single wrong entry?
    • does row 2 really exist as a single authentication factor?
    • 2048 bit length for asymmetric keys
    • check the length of ECC key
  • section 4, replacement of lost factor
    • replacement or recovery? Replacement works better.
    • there must be a way to get a new password

-next call on Wednesday 4th April at 1500 CEST


  • No labels