28 Jun 04:01
Re: [OpenID] OpenID and SSO
From: Anders Feder <lists.anders <at> feder.dk>
Subject: Re: [OpenID] OpenID and SSO
Newsgroups: gmane.comp.web.openid.general
Date: 2008-06-28 02:01:20 GMT
Sorry, missed one point.

Fri, 27 06 2008 at 20:20 -0500, Eric Norman wrote:
> Consider the holy triumvirate that folks like to quote about
> "something you ...". Translate each one as "something you have
> to do" (an action, e.g. remember something; pull out and show
> something). Then more actions are really just another way of
> having multi-factor; that's the point of view I have.

I always thought multi-factor felt a little vacuous, because it depends on the security of the individual factors (i.e. "chain as strong as weakest link" has higher precedence), but I don't think that abstraction is in accordance with multi-factor security at all - it's quite the opposite.

The idea behind multi-factor security is that you use tokens from different "domains" (knowledge, physical possession, certified credentials), on the premise that it's harder to compromise several "domains" than just a single one. That's not the same as saying that multiple tokens from within the _same_ domain are more secure, because once you're inside you tend to have access to it all.

--
Anders Feder <lists.anders <at> feder.dk>