Is Assurance Real?

Convener: RL "Bob" Morgan

Discussion notes:

Identity Assurance Frameworks:
 * OMB 04-04
 * E-Auth - CAF
 * NIST-800-83
 * TFPAP
 * ISAP
 * Kantara IAF
 * InCommon IAF

Challenges for universities to achieve level 2:

 * Need to evaluate whether employees' and students' identities have been properly validated / verified.

 * Possibility that an unknown university service collects creds in the clear. Nothing stops someone from publishing an unencrypted web form that binds against the university LDAPS or Kerberos system.

 * Cost: assurance = money. Fundamental problem: IDP bears the cost, but the RP gets the benefit.
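
One way a campus security team could look for the unencrypted credential forms mentioned above. This is an added example, not part of the session notes; the function name, the example.edu hosts and the sample pages are all constructed for illustration. It only inspects the browser-facing side (page and form target schemes) and cannot see what the service binds against on the back end.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _FormScan(HTMLParser):
    """Collect each <form>'s action and whether it contains a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []      # list of [action, has_password_field]
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = [attrs.get("action") or "", False]
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def cleartext_password_forms(page_url, html):
    """Return (submit_url, reasons) for password forms exposed without TLS."""
    scan = _FormScan()
    scan.feed(html)
    findings = []
    for action, has_password in scan.forms:
        if not has_password:
            continue
        # An empty or relative action resolves against the page URL.
        submit_url = urljoin(page_url, action)
        reasons = []
        if urlparse(page_url).scheme != "https":
            reasons.append("page served without TLS")
        if urlparse(submit_url).scheme != "https":
            reasons.append("form submits without TLS")
        if reasons:
            findings.append((submit_url, reasons))
    return findings


# Constructed sample pages (hypothetical hosts).
DEPT_PAGE = '<form action="/auth"><input name="u"><input type="password" name="p"></form>'
MIXED_PAGE = '<form action="http://legacy.example.edu/bind"><input type="PASSWORD"/></form>'
GOOD_PAGE = '<form action="/login"><input type="password" name="p"></form>'
SEARCH_PAGE = '<form action="/search"><input type="text" name="q"></form>'
```

Pages fetched over HTTPS can still be flagged when the form posts to an `http://` target, which is the case `MIXED_PAGE` covers.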