2010-7-12 MFA call

Your Conference Line will be E; Press 5 off the voicemail tree.

Conference DN: 203-432-8598 Participants
Chairperson DN: 203-432-8546 (Susan)

Discussion of policy definition

Debate about whether a policy can initially be configured statically using Spring injection. Major downside is that the server must be restarted with new configuration to add a new policy. Up side is the ability to deliver a version of case capable of supporting authentication policies sooner.

What is a Policy?

A policy is algorithm plus inputs using of any collection of authentication components. An example of a policy might be that a form based password authentication is required OR a certain certificate. Another example could be that a user must provide both a kerberos password and a Vasco password via a form. cf MACE paccman definition

Can A Policy be statically configured?

A discussion of whether any runtime service inputs are required for a policy took place. Howard states an extra parameter map can be added as a placeholder if this need ever arises. Scott prefers to identify all requirements up front. Compromise, for now, is to allow for additional parameter map and begin with statically configured policies.

use cases

Scott started some higher-level use cases:

They're a slightly higher level and condensed version of Susan's original ones with some of our technical thoughts captured at a requirements level.

Walk through of what is already in place for multi-factor support

What next