[OpenID] OpenID Registration Scenario
Peter Williams
pwilliams at rapattoni.com
Thu Jul 12 11:09:17 UTC 2007
"The average user doesn't think too much about security,
especially back in the day, but they want portability. The fact you
couldn't transparently log in from your home machine, a work machine and
a public library machine with a client cert was a major usability
problem."
So, isn't the same true with smartcards (e.g. the coming US national ID
card?), or USB tokens, or MIFARE cards, or TPM-equipped PCs that can use
a Euro-passport-chip's bio data? These all (like client certs) require
universal terminal-capability - the USB port, the drivers, the special
device readers, etc.
If we assume this proposition, we are surely left with limiting
ourselves to conventional passwords - or perhaps also those OFFLINE
password keyfob dongles generating one-time-passwords every 60s -
devices that are (a) portable, and (b) require of the PC terminal
nothing other than that which conventional passwords require (i.e. a keyboard
to enter OTP and PIN).