[OpenID] OpenID and SSO

Anders Feder lists.anders at feder.dk
Sat Jun 28 02:01:20 UTC 2008


Sorry, missed one point.

Fri, 27 06 2008 at 20:20 -0500, Eric Norman wrote:
> Consider the holy triumvirate that folks like to quote about
> "something you ...".  Translate each one as "something you have
> to do" (an action, e.g. remember something;  pull out and show
> something).  Then more actions are really just another way of
> having multi-factor; that's the point of view I have.

I always thought multi-factor felt a little vacuous, because it depends
on the security of the individual factors (i.e. "chain as strong as
weakest link" has higher precedence), but I don't think that abstraction
is in accordance with multi-factor security at all - it's quite the
opposite.

The idea behind multi-factor security is that you use tokens from
different "domains" (knowledge, physical possession, certified
credentials), on the premise that it's harder to compromise several
"domains" than just a single one. That's not the same as saying that
multiple tokens from within the _same_ domain are more secure, because
once you're inside you tend to have access to it all.

-- 
Anders Feder <lists.anders at feder.dk>



