assurance - Re: [Assurance] can two-factor be hacked ?
Subject: Assurance
List archive
- From: Tom Scavo <>
- To:
- Subject: Re: [Assurance] can two-factor be hacked ?
- Date: Wed, 12 Mar 2014 20:08:33 -0400
On Wed, Mar 12, 2014 at 4:49 PM, David Walker
<>
wrote:
> So this is more about session integrity than authentication, right?
I still think it's authentication. Some people call it step-up
authentication. The SP already knows the user, but now wants
additional, independent assurances that this is so. In distributed
fashion, this requires the SP to pass the identity of the user in the
AuthnRequest while requiring the IdP to authenticate the identified
user with an additional factor. (Who said there's no use for
AllowCreate="false" :)
Visualize numerous single-factor IdPs sprinkled across the
network...multiple, single-factor IdPs supplying step-up
authentication services if and when they're needed (where is not an
issue). Easier to deploy but much harder to subvert.
Tom
- Re: [Assurance] can two-factor be hacked ?, (continued)
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Steven Carmody, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Josh Alexander, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, David Walker, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Tom Scavo, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- Re: [Assurance] can two-factor be hacked ?, Cantor, Scott, 03/12/2014
- RE: [Assurance] can two-factor be hacked ?, Brian Arkills, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Jones, Mark B, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Etan Weintraub, 03/11/2014
- RE: [Assurance] can two-factor be hacked ?, Farmer, Jacob, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Dana Watanabe, 03/11/2014
- Re: [Assurance] can two-factor be hacked ?, Steven Carmody, 03/07/2014
Archive powered by MHonArc 2.6.16.