[WG-IDAssurance] Meeting minutes for 8 August 2013 IAWG call

Richard G. WILSHER (@Zygma) RGW at Zygma.biz
Thu Aug 8 11:46:31 CDT 2013

Re. today's discussion on the criterion below, I propose the following text
(there is no stipulation at AL1;  AL3 would be the same, except for the
existing qualifier "For non-PKI credentials, apply ...", and of course 'AL2'
would be replaced with 'AL3'; AL4 is also no stipulation).  


AL2_CM_CTR#025   Authentication protocols

Apply only authentication protocols which, through a comparative risk
assessment appropriate for AL2, are shown to have resistance to attack at
least as strong as that provided by commonly-recognized protocols such as:

a) tunneled password;

b) zero knowledge-base password;

c) SAML assertions.

Guidance:  Whilst many authentication protocols are well-established and may
be mandated or strongly-recommended by specific jurisdictions or sectors
(e.g. standards published by national SDOs or applicable to
government-specific usage) this criterion gives flexibility to advanced and
innovative authentication protocols for which adequate strength can be shown
to be provided by the protocol applied with the specific service.


Richard G. WILSHER
Founder & CEO
O:  +1 714 965 99 42
M: +1 714 797 99 42
E:   RGW at Zygma.biz
W:  www.Zygma.biz <http://www.zygma.biz/> 


From: wg-idassurance-bounces at kantarainitiative.org
[mailto:wg-idassurance-bounces at kantarainitiative.org] On Behalf Of Andrew
Sent: August 08, 2013 15:15
To: wg-idassurance at kantarainitiative.org
Subject: [WG-IDAssurance] Meeting minutes for 8 August 2013 IAWG call




*	Meeting was quorate
*	Discussion centred on the Tickets and proposed text for SAC changes
*	Check for items deferred to next week for further discussion

Andrew Hughes CISM CISSP 

In Turn Information Management Consulting
+1 250.888.9474
1249 Palmer Road,
Victoria, BC V8P 2H8
AndrewHughes3000 at gmail.com 
Identity Management | IT Governance | Information Security 
