CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cosign Re-Authentication Specification

On Mar 25, 2005, at 4:56 PM, Wesley Craig wrote:

On 25 Mar 2005, at 15:59, Cory Snavely wrote:
* Suggestion. On the re-auth page, it occurs to me that if someone
  *innocently* arrives there, they are unlikely to suffer through n
  attempts at impersonation without knowing that afterward they get
  to authenticate as themselves. The way it is currently kind of
  assumes they are up to no good.

  I think there should be a "this isn't me--log on as a different
  person" button. Not quite sure how to word that, but I think it's
  needed to help the innocent victim.

Good idea. Let's add a button/text. If the user selects this path, they will logout the previous user, and be redirected back to the URL. Since the URL required (unsatisfied) reauthN, there should be no cached cookies, the "CHECK" will fail, a new service cookie will be set, and a login will be triggered.

Again with the "just for concept communication purposes, this is not the actual text" I've added Cory/Wes' suggestion to the reauth mockup page located at:


Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010