Date: Thu, 28 Mar 2024 23:33:48 +0000 (UTC)
Message-ID: <630525270.2038.1711668828064@wiki-prod.refeds.org>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_Part_2037_1256185326.1711668828063"
------=_Part_2037_1256185326.1711668828063
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html
REFEDS assurance vc 2018-01-22
REFEDS assurance vc 2018-01-22
REFEDS Assurance wg call
Monday 22 January 2018 at 15:30 CET/8:30 CST
CERN=E2=80=99s Vidyo portal: https://www.nikhef.nl/gri=
d/video/?m=3Drawg
Alan
Michael and Jule
P=C3=A5l
Tom
Mikael
Notes
- Memorized Secrets minimum requirements specification https://docs.google.com/docume=
nt/d/1iUp9ls7FLlk1_xGHDLBsa1LuBxqFWTv4PyYr2cefI3A/edit#
- describe better that the controls are to mitigate the risks
- =E2=80=9Chighly recommended=E2=80=9D is difficult text in a normative d=
ocument.
- explain =E2=80=9Cmitigation=E2=80=9D and =E2=80=9Cfully mitigation=E2=
=80=9D
- can key derivation function be dropped as a requirement?
- emphasise that the minimum requirements are not a best practice. They a=
re just the minimum. The same applies to recipes
- recipes
- recipes are sufficient but not necessary for compliance. They are norma=
tive statements that you implement and you know you are compliant with the =
minimum requirements, but there can be also other compliant ways
- the known password risk could be addressed e.g. by pwdCheckModule
- It would be useful to collect the mitigation approaches that people hav=
e come with. Provide a place in REFEDS wiki? That will require some moderat=
ion work, too? Could REFEDS assurance list help?
- =E2=80=9Cvery strong rate limiting=E2=80=9D =E2=80=93 what is very stro=
ng?
- RAF pilot
- volunteer IdPs: Chicago university, Aalto university, CSC staff IdP
- volunteer SPs: ELIXIR research infrastructure, BBMRI research infrastru=
cture, EGI Check-in
- Mikael will make a doodle poll for the pilot vc
- goal to finish and deliver results at REFEDS meeting in June
- next call
- before the next meeting, clean the SFA document family for internal rev=
iew
- Mikael to make doodle poll for next call
------=_Part_2037_1256185326.1711668828063--