Difference between revisions of "Is Assurance Real?"

From IIW
Jump to: navigation, search
(Undo revision 3329 by Igiwydijok (Talk))
Line 1: Line 1:
=[http://yxylepo.co.cc Page Is Unavailable Due To Site Maintenance, Please Visit Reserve Copy Page]=
'''Convener:''' RL "Bob" Morgan
'''Convener:''' RL "Bob" Morgan
'''Discussion notes:'''
'''Discussion notes:'''

Latest revision as of 15:29, 3 February 2011

Convener: RL "Bob" Morgan

Discussion notes:

Identity Assurance Frameworks:

  • OMBO4-04
  • E-Auth - CAF
  • NIST-800-83
  • ISAP
  • Kantara IAF
  • InCommon IAF

Challenges for universities to achieve level 2:

  • Need to evaluate if employees' and students' has been properly validated / verified.
  • Possibility that an unknown university service collects creds in the clear. Nothing stops someone from publishing an unencrypted web form that binds against the university LDAPS or Kerberos system.
  • Cost: assurance = money. Fundamental problem: IDP bears the cost, but the RP gets the benefit.