OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] Non-web client authentication

> Well, the problem is not bad application and bad user, but good user  
> and bad application. A user should trust the interface in which she  
> enters her credentials. And a user cannot trust a random application.

Then you need OS support (if even that would work), because nothing else
will give you any additional confidence.

I can't think offhand of anything I enter credentials into today that isn't
a "random" application apart from when I login to the desktop up front. Of
course, they're not random in the sense that I installed all of them, but if
you wanted me to swear on my life that I didn't have a trojan installed, I
sure wouldn't do it.

I think you're trying to solve an impossible problem, but I'm not sure what
it has to do with the subject of the thread anyway. It's just as much an
issue for web authentication as non-web.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]