Subject: Re: [trust-el] Four-eyes principle method


My opinion is that the workflow looks reasonable (elevating trust because two other users with different
roles and LoAs are vouching for you is a common and good idea). 

On the other hand, letting app A maintain state for T1 looks complicated to implement
correctly, IMHO.

Having a sort of stateful app A that keeps track of two authorizations that can happen at different
times requires a carefully designed and implemented app, which can be quite complicated without
detailed implementation details.



On 26 Jan 2012, at 05:01, Colin Wallis wrote:

> My feeling is that, useful as it is in the context of authorization and access control, it's outside of scope (which in the Statement of Purpose is pretty clear as being authentication).
> 
> Cheers
> Colin
> 
> 
> -----Original Message-----
> From: trust-el@lists.oasis-open.org [mailto:trust-el@lists.oasis-open.org] On Behalf Of Mary Ruddy
> Sent: Thursday, 26 January 2012 11:03 a.m.
> To: trust-el@lists.oasis-open.org
> Subject: RE: [trust-el] Four-eyes principle method
> 
> Rainer,
> 
> Thank you very much for suggesting this method. Having multiple levels of
> approval is also used for authorizing some financial transactions in the US.
> In your particular example, everything is at LOA-3, and risk (from fraud and
> errors) is reduced by increasing trust within that LOA-3.
> 
> What do others think about the scope?
> 
> -Mary
> 
> -----Original Message-----
> From: trust-el@lists.oasis-open.org [mailto:trust-el@lists.oasis-open.org]
> On Behalf Of Rainer Hoerbe
> Sent: Wednesday, January 25, 2012 3:22 PM
> To: trust-el@lists.oasis-open.org
> Subject: [trust-el] Four-eyes principle method
> 
> I am not quite sure if that method is within the survey's scope, but I would
> like to leave it to the group to discuss this.
> 
> Regards,
> Rainer
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: trust-el-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: trust-el-help@lists.oasis-open.org

--
Massimiliano Masi

Tiani "Spirit" GmbH
Guglgasse 6
Gasometer A
1110 Vienna
Austria/Europe
