[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] New authentication method for One-Time Password?
> I think that the Password auth method may be considered to cover this at the least.
Hi Phill - Unfortunately, we really need something distinct from password since we have some applications that MUST know whether a user authenticated with a single factor (e.g. LDAP password) or a 2-factor (e.g. SecurID token) authn method.
As I said, if folks object to a proprietary method (SECURID), I can live with something that at least indicates it was a 2-factor authentication. Recommendations?
-----Original Message-----
I think that the Password auth method may be considered to cover this at the least.
If more specificity is required I would suggest that the method merely specify a hardware token rather than any particular proprietary means of achieving that (unless we want to spend more time with lawyers).
If an application cares about the vendor of the token let the vendor specify the uri out of their oid arc :-)
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC