2010-7-1 MFA call
Your Conference Line will be B; Press 2 off the voicemail tree.
Conference DN: 203-432-8598 Participants
Chairperson DN: 203-432-8730 (Susan)
Clarification of Road Map
In release 3.5, Scott is re-architecting CAS to support future features. Some of this work enables MFA.
Yale has a road map bullet to have a proof of concept MFA working in 2010. We want to base this on real plans for CAS.
What multi-factor requirements do we want to support?
The goal is to understand the requirements well enough to design a pluggable interface rather than go into detail for each.
Enumerate requirements so all are covered by interface.
- Not really more than one factor - really needs a specific type
- Rank - require a certain level or strength
- Group - like levels without the ranking
- specific set, either ordered or unordered
Howard's shopping metaphor - user needs to gather credentials like filling a shopping cart. Doesn't matter if you are fixing a car or making dinner, shopping is the same.
Multifactor validation - what happens on partial success?
Multifactor flow - how to acquire the factors?
Define the MFA "scheme/rule/setup" (call these policies for now) globally and assign to services.
Most basic requirements:
- work front end user sees
- work system admin sees
- defining the rules
Is it acceptable to have policies that are coded in Java that a user can create and choose from? A configurer can just pick one. Each service can get one policy. Policies have no parameters. CAS needs to be restarted to add a new policy.
Need credential collector for each factor, UI flow for each factor, validator for each factor etc.
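A sketch of how the four requirement kinds listed above could sit behind one parameterless policy interface, with one policy assigned per service. This is an added example, not CAS code and not a design agreed on the call. All type, policy and service names are hypothetical, and the treatment of partial success (the policy reports "not yet satisfied") and of unknown services (denied) are assumptions.

```java
import java.util.*;

// Hypothetical sketch; none of these types are CAS classes.
public class MfaPolicySketch {
    // A validated factor. Rank and group are assumed attributes of a factor.
    record Factor(String type, int rank, String group) {}

    // A parameterless policy: is the set of gathered factors sufficient?
    interface Policy { boolean satisfied(List<Factor> gathered); }

    // Specific type: exactly this kind of factor is needed.
    static final Policy REQUIRES_TOKEN =
        g -> g.stream().anyMatch(f -> f.type().equals("token"));
    // Rank: any factor at or above a fixed strength.
    static final Policy RANK_AT_LEAST_2 =
        g -> g.stream().anyMatch(f -> f.rank() >= 2);
    // Group: any factor from a named group, with no ordering between groups.
    static final Policy ANY_HARDWARE =
        g -> g.stream().anyMatch(f -> f.group().equals("hardware"));
    // Specific set, ordered: password must be validated before token.
    static final Policy PASSWORD_THEN_TOKEN = g -> {
        List<String> types = g.stream().map(Factor::type).toList();
        int p = types.indexOf("password"), t = types.indexOf("token");
        return p >= 0 && t > p;
    };

    // Fixed at build time: adding a policy means new code and a restart.
    static final Map<String, Policy> POLICIES = Map.of(
        "requires-token", REQUIRES_TOKEN, "rank-2", RANK_AT_LEAST_2,
        "any-hardware", ANY_HARDWARE, "password-then-token", PASSWORD_THEN_TOKEN);
    // Each service gets exactly one policy (constructed service URLs).
    static final Map<String, String> SERVICE_POLICY = Map.of(
        "https://payroll.example.edu/", "password-then-token",
        "https://wiki.example.edu/", "rank-2");

    // Assumption: an unknown service or policy name is denied.
    static boolean allow(String service, List<Factor> gathered) {
        Policy p = POLICIES.get(SERVICE_POLICY.getOrDefault(service, ""));
        return p != null && p.satisfied(gathered);
    }

    public static void main(String[] args) {
        Factor pw = new Factor("password", 1, "knowledge");
        Factor tok = new Factor("token", 2, "hardware");
        System.out.println(allow("https://payroll.example.edu/", List.of(pw)));      // partial: password only
        System.out.println(allow("https://payroll.example.edu/", List.of(pw, tok))); // full set, in order
        System.out.println(allow("https://payroll.example.edu/", List.of(tok, pw))); // full set, wrong order
        System.out.println(allow("https://wiki.example.edu/", List.of(tok)));        // rank policy, one factor
    }
}
```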