...
The REFEDS MFA Profile v1.1 update, proposed by the MFA Subgroup working group of the REFEDS Assurance Working Group, continues our effort to make the REFEDS MFA Profile clearer and easier to adopt. With v1.1, we focused on clarifying key implementation details and making the Profile usable with multiple messaging protocols (SAML and OIDC), while whilst staying true to the intent of the original Profile.
Along the way, we encountered issues that needed to be addressed, but fell outside the scope of this update. These issues are captured in an Editors' Notes for REFEDS MFA Profile v1.1 to help readers understand context and constraints of this profile. Where applicable, we also include recommendations for future actions. The Editor's Note is for reference and not part of the consultation.
Prior to this public consultation a community chat was held. The Community Chat was recorded and slides from the presentation are available.
Background
The REFEDS Multi-Factor Authentication (MFA) Profile defines a standard signal that a service provider may send to request an IdP to perform MFA during federated authentication. The IdP sends the corresponding signal in its response to response to indicate that MFA had occurred. The Profile also defines the criteria the criteria that an IdP must meet in order to claim successful MFA using the Refeds REFEDS MFA Profile.
The REFEDS MFA Profile is currently primarily used within SAML authentication. Its use is largely patterned from the OASIS Authentication Context for SAML.
...
| Info |
|---|
A PDF for the consultation is available, REFEDS-MFA-Profile-v1.1-draft.pdf. Read the Editors’ Note for REFEDS MFA Profile v1.1 for additional background. All comments should be made on consultations@lists.refeds.org or added to the comment log below. Comments , comments posted to other channels will not be included in the consultation review. |
...