assurance - [Assurance] credential renewal or re-issuance
- From: Tom Scavo
- Subject: [Assurance] credential renewal or re-issuance
- Date: Mon, 04 Jun 2012 11:05:59 -0400 (EDT)

In section 4.2.4.3 ("Credential Renewal or Re-issuance") of the Silver IAP,
it suggests "A short-lived single use Secret sent to the Address of Record
that the Subject must submit in order to establish a new Authentication
Secret," which could be interpreted as using email to deliver a short-lived
secret for the purposes of password reset. However, email-based password
reset is vulnerable to a lost or stolen mobile phone (since mobile phones
invariably have access to all the user's e-mail accounts) so I'm wondering
how people plan to handle password reset for Silver compliance?

I wonder if this topic will come up on tomorrow's EDUCAUSE Live! presentation
(http://net.educause.edu/live) where the topic is "Bring Your Own Device"
(BYOD)?

Thanks,
Tom