[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Non-web client authentication
> Well, the problem is not bad application and bad user, but good user > and bad application. A user should trust the interface in which she > enters her credentials. And a user cannot trust a random application. Then you need OS support (if even that would work), because nothing else will give you any additional confidence. I can't think offhand of anything I enter credentials into today that isn't a "random" application apart from when I login to the desktop up front. Of course, they're not random in the sense that I installed all of them, but if you wanted me to swear on my life that I didn't have a trojan installed, I sure wouldn't do it. I think you're trying to solve an impossible problem, but I'm not sure what it has to do with the subject of the thread anyway. It's just as much an issue for web authentication as non-web. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]