...

Remote registration is vulnerable to threats and technically complex to achieve. In-person registration is therefore the most efficient option. In Q4 of 2017, Innovalor reviewed the options for remote registration. It is expected that we will try some of these options in a pilot setting. This has resulted in a design and POC phase in the first half of 2019.

Why is Google Authenticator not supported?

...

SURFsecureID does not support Single Sign On (SSO). As a result, there is no active session on the SURFsecureID gateway for a user to log out of. For first-factor login, SURFsecureID relies on SURFconext. Therefore, the same issues for single logout apply.

Can an institution implement strong authentication on their own IdP and then forward the level of assurance to SURFsecureID?

No. SURFsecureID does not support the transfer of levels of assurance via the local IdP.

...

No, SURFsecureID supports only Yubikey hardware tokens, Tiqr and SMS. Other tokens like the ones from Vasco and Safenet cannot be re-used at the moment. However, SURFsecureID has successfully carried out a proof-of-concept with Vasco and Azure MFA to use their tokens with SURFsecureID. Depending on user demand, SURFconext could enable this option.

...

14 days after registering a token. To get a new activation code a user must delete the registered token and start a new registration.

How can SURFsecureID ensure that tokens are bound to the right identity?

Threat | Description | Controls

Impersonation

An applicant claims an incorrect identity, supporting the claim with a specific set of attributes created over time or by presenting false credentials.

During the registration process different methods are used to determine that the applicant is the right person:

  • federated login
  • e-mail verification
  • possession of activation code
  • face-to-face ID-proofing

Compromise or malfeasance of the infrastructure

A lack or poor implementation of security measures undermines the reliability of the registration.

Infrastructure threats are addressed by normal computer security controls:

  • separation of duties
  • record keeping
  • independent audits

In addition, a third-party security audit of the software code and infrastructure was conducted.

...