cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Accessing secure sites
On 28 Jul 2004, at 07:12, Keith Farvis wrote:
Do you have any similar requirements in Michigan and if so, how have
you addressed them?
Very. So far, two cases have been brought to our attention. First is
similar to the one you describe. Our plan is to add a cosign server
option to indicate that a site requires a password for each
registration event. This allows the site to dictate a local idle
timeout. Correspondingly, it will allow sites that don't care as much
to have very large idle timeouts, without negatively impacting the
security of these re-register sites.
The second case, brought by our finance people, is for multi-factor