Page History

...

Background

The REFEDS Multi-Factor Authentication (MFA) Profile defines a standard signal a service provider may send to request an IdP to perform MFA during federated authentication. The IdP sends the corresponding signal in its response to indicate that MFA had occurred. The Profile also defines the criteria an IdP must meet in order to claim successful MFA using the Refeds MFA Profile.

The REFEDS MFA Profile is primarily used within SAML authentication. Its use is largely patterned from the OASIS Authentication Context for SAML.

Overview

The REFEDS MFA Profile v1.1 update, proposed by the MFA Subgroup working group, continues our effort to make the REFEDS MFA Profile clearer and easier to adopt. With v1.1, we focused on clarifying key implementation details and making the Profile usable with multiple messaging protocols (SAML and OIDC), while staying true to the intent of the original Profile.

Along the way, we encountered issues that needed to be addressed, but fell outside the scope of this update. This document captures those issuesThese issues are captured in an Editors' Notes for REFEDS MFA Profile v1.1 to help readers understand context and constraints of this profile. Where applicable, we also include recommendations for future actions.  Included as supporting material (i.e., The Editor's Note is not part of the consultation) is an Editors’ Note to help the readers understand context and constraints of this profile..

Background

The REFEDS Multi-Factor Authentication (MFA) Profile defines a standard signal a service provider may send to request an IdP to perform MFA during federated authentication. The IdP sends the corresponding signal in its response to indicate that MFA had occurred. The Profile also defines the criteria an IdP must meet in order to claim successful MFA using the Refeds MFA Profile.

The REFEDS MFA Profile is currently primarily used within SAML authentication. Its use is largely patterned from the OASIS Authentication Context for SAML.

...