OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

id-cloud message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Gap Analysis: use case 23, Mobile Customer Authentication

Owner: Dominique Nguyen, Bank of America


This thread is for use case owners or others, on this use case 23, to:

·         ask questions of the group, or specific members

·         organize written discussions on the public list

·         share current thinking or content




in mobile, the use of the device in MFA is the distinguishing characteristic

device id would be one of the attributes/factors involved

such use requires a device registration process (possibly more than one per account)

SAML, Oauth seem potentially applicable

process flow for the use case should probably include the registration and other process steps

Unclear if there is a standard for device registration (profile)

Various keywords from the use case (device, secure hardware, registration, MFA). Research required based on those keywords to identify other potentially relevant standards

the question was raised as to whether the notion of 'assurance of hardware/device identity' might not have some commonality across the otherwise quite dissimilar realms of mobile and data center (referred to Thomas Hardjono, and Use Case 26)

this use case 23 may have applicability to healthcare scenarios, so there might be some relevant healthcare standards, e.g. xspa  -  saml  and ws-trust bindings


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]