OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] DAON Slide Thoughts

> -----Original Message-----
> From: Rainer Hoerbe [mailto:rainer@hoerbe.at]
> Sent: Monday, February 03, 2014 4:18 PM
> To: Hal Lockhart
> Cc: La Joie, Chad; OASIS SSTC
> Subject: Re: [security-services] DAON Slide Thoughts

> >>
> >> Slide 12, bullet #4 brings up geolocation within an authn request.
> >> This is something we recently started needing here at Covisint as
> well.
> >> Might be worth discussing on a call.
> >
> > At least it is worth getting a clear statement of the usecase. Does
> this imply we have to treat a smart phone as a trusted device? If not,
> who is the Authority for this data? How much assurance is required? How
> fresh does it have to be?
> The Trust Elevation TC published V1.0 of their framework that puts
> things like geolocation into context. Maybe the question could be
> deferred to them.

As it happens I am speaking to them on Thursday about support for step up Authentication in SAML.

However I see almost nothing on geo location in the Framework.

Even their Survey of methods ... and Analysis of methods ... documents contain only passing mention of geo location in combination with other methods and no discussion of the assurance of geo location data at all.


Did you have some other document in mind?


> Rainer

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]