REFEDS assurance vc 2018-02-12
REFEDS Assurance wg call
Monday 12 February 2018 at 15:30 CET/8:30 CST
CERN’s Vidyo portal: https://www.nikhef.nl/grid/video/?m=rawg
Matthew E
David L
Davide V
Alan B
Pål A
Tom B
Mikael L
Notes
- review of SFA document suite
- SFA: https://docs.google.com/document/d/1HOcM2o4N7Ly9elRd5OQH2dCmfjY83WBv7ZCPgFysNmE/edit
- document title: keep the name single-factor authentication and don’t replace single with secure. Prepare FAQ to describe how SFA is different from REFEDS MFA
- section 1: use “Relying Party” and “Identity Provider” and provide explanation in parentheses
- section 3: consolidate the separate OIDC and SAML sentences into a single one.
- section 5: no KBA at all (or set a sunset date for it)?
- section 5: procedure to bypass authentication factor => procedure to reset authentication factor. Cross-check what NIST 800-63B states for this
- section 5: many COTS products use 6-digit PINs. Update the section to reflect NIST 800-63B
- memorized secrets: https://docs.google.com/document/d/1iUp9ls7FLlk1_xGHDLBsa1LuBxqFWTv4PyYr2cefI3A/edit
- section 4: rename column “compliant use” and add more explanatory descriptions in the column
- section 4.C1: maximum secret length. There may be products with relatively short maximum password length. Consider removing the minimum requirement on the upper bound for password length
- section 4.C5: it may be difficult for sites to disable password quality checks. Make password complexity checks optional (i.e. allow them)?
- section 4.C8: consolidate the three requirements into one
- cover the remaining comments in the next call
- next call
- a 90 min call Monday 26 February 2018 at 15:30 CET/8:30 CST