assurance - [Assurance] stored authentication secrets
Subject: Assurance
List archive
- From: Tom Scavo <>
- To:
- Subject: [Assurance] stored authentication secrets
- Date: Thu, 28 Jun 2012 20:09:00 -0400 (EDT)
In moving from version 1.1 to 1.2 of the Identity Assurance Profiles, section
4.2.3.4 (Stored Authentication Secrets) was deemphasized, that is, the
requirements of that section now only apply to Silver. I'm wondering why this
was done? It seems that ALL IdPs should minimally protect their passwords
stores since federated password stores, in particular, are very attractive
targets.
Tom
- [Assurance] stored authentication secrets, Tom Scavo, 06/28/2012
- Re: [Assurance] stored authentication secrets, Tom Scavo, 06/29/2012
- Re: [Assurance] stored authentication secrets, Ann West, 06/29/2012
- Re: [Assurance] stored authentication secrets, Tom Scavo, 06/29/2012
Archive powered by MHonArc 2.6.16.