Published by Melanie Nash. Modified over 9 years ago.
1
Using Levels of Assurance
Well, at least thinking about it….
MAX (just MAX)
2
Agenda
- A little bit about me
- Level Set
- Issues of LOA determination
- LOA’s all around us
- Practical concerns about LOA's
- Discussion/Questions
3
just MAX?
- Rocking chair in September 2007
- Systems and Networking Operations
- Shibboleth IdP Operation (I herd the cats)
4
PSU and Shibboleth
- WebAssign - Physics course assignments http://www.webassign.net/info/shibboleth.html
- Napster
- TurnItIn, Symplicity, LionShare
- eAuth demo at Fall Internet2 Member Meeting
- PHEAA, Library
5
Level Set
6
Level Set (cont.)
8
Issues of LOA Determination
- Multiple identification realms within a single domain
- Authoritative sources differ among realms
- Collecting information from various Registration Authorities
- Examples: (Admissions, Registrar, Human Resources, World Campus, Direct User Input)
9
Issues of LOA Determination (cont.)
- Various Levels of Identity Proofing
- Faxing a photo identification
- Tuition payment
- Signature Stations
- 2nd Factor Authentication
10
What is a Signature Station?
[Flowchart. Node labels as extracted: Start; AD20 Agreement; AD54 Agreement; Library Agreement; Display Password; Newswire? (No/Yes); Printing? (No/Yes); Newswire Agreement; Printing Agreement; End; Sign For Account; GPG Encrypt; Signature Request E-mail; join; Save all agreements]
11
LOA’s All Around Us
OMB guidance defines four levels of assurance
- Level 1: Little or no confidence in asserted identity’s validity
- Level 2: Some confidence in asserted identity’s validity
- Level 3: High confidence in asserted identity’s validity
- Level 4: Very high confidence in asserted identity’s validity
12
LOA’s All Around Us (cont.)
InCommon Federation
- Bronze
- Silver
- http://www.incommonfederation.org/docs/drafts/
- Metal of the day
13
LOA’s All Around Us (cont.)
- Making identity assertions with a LOA
- Just use Shibboleth and treat it like any other attribute
- Without Shibboleth... It’s the same old story
- Establish trust
- Security of the communication
- Architecture of the eAuthentication demo
- Install/configure the Shibboleth eAuth plugin
- Plugin has a built in LOA 1 assertion
- Exchanging certificates
14
Practical concerns about LOA's
- LOA for an identity, or for an Identity Provider?
- Identity Proofing methods
- Determination about an identity
- Credential Assessment Framework (CAF)
- Determination about the Credential Provider
  – Handling of passwords
  – Detecting password attacks
- Does the LOA need “adjusted”?
- User forgets password/password reset
- Password attack is detected
- Required by a business process
- Process for restoring an “adjusted” LOA
15
Practical concerns about LOA's (cont.)
- Identifying applications and LOA requirements
- On-line general advising
- Email
- Course Management Software
- E-signatures
- Supporting the users
- Helpdesk calls for broken applications caused by “adjusted” LOA
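The concerns on slides 14 and 15, worked through as an added example (not code from the presentation or from Shibboleth): the asserted LOA is bounded by both the identity's proofing and the Identity Provider, an "adjusted" LOA is restored only after re-proofing, and the application check returns a reason the helpdesk can use. The per-application minimums, the adjustment caps, and all function and event names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed (hypothetical) minimum LOA for the applications named on slide 15.
APP_MIN_LOA = {"general-advising": 1, "email": 1,
               "course-management": 2, "e-signature": 3}
# Assumed cap applied while an "adjusting" event from slide 14 is active.
ADJUSTMENT_CAP = {"password_reset": 1, "password_attack": 1,
                  "business_process": 2}

@dataclass
class Identity:
    uid: str
    proofing_loa: int                      # set by the identity proofing method
    adjustments: set = field(default_factory=set)

def effective_loa(identity, idp_loa):
    """LOA to assert: the weakest of identity proofing, IdP, and active caps."""
    caps = [ADJUSTMENT_CAP[e] for e in identity.adjustments]
    return min([identity.proofing_loa, idp_loa] + caps)

def adjust(identity, event):
    """Record an event that lowers the LOA until it is explicitly restored."""
    if event not in ADJUSTMENT_CAP:
        raise ValueError(f"unknown adjustment event: {event}")
    identity.adjustments.add(event)

def restore(identity, event, reproofed):
    """Clear an adjustment only after the identity has been re-proofed."""
    if not reproofed:
        return False
    identity.adjustments.discard(event)
    return True

def authorize(app, asserted_loa):
    """Application-side check: LOA is just another attribute; fail closed."""
    required = APP_MIN_LOA.get(app)
    valid = isinstance(asserted_loa, int) and 1 <= asserted_loa <= 4
    if required is None or not valid:
        return False, "deny: unknown application or malformed LOA"
    if asserted_loa < required:
        return False, f"deny: {app} requires LOA {required}, asserted {asserted_loa}"
    return True, "allow"

if __name__ == "__main__":
    user = Identity("abc123", proofing_loa=3)   # constructed sample identity
    adjust(user, "password_reset")
    print(authorize("e-signature", effective_loa(user, idp_loa=4)))
```
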
16
Discussion/Questions
“If you have truly done your part to make this interactive, the discussion has all been addressed!”
Contact Information
Mark “Max” Miller
Senior Systems Engineer
Penn State – ITS
max@psu.edu
17
Copyright
Copyright Mark Miller 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.