CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Cosign Multi-factor Authentication Spec

Hi all,

A couple of comments:

I'm not finding anything in the spec about the ability to selectively
multi-factor protect individual url-patterns within a single filtered
resource.  For example, we use a single instance of the Java cosign
filter to protect a suite of Peoplesoft applications, only some of which
we'd like to multi-factor protect.  The rest would continue to require
only a single factor.  Should I assume this would require as many filter
instances as there are url-patterns with different security

It would be nice to see the multi-factor capability extended to re-auth.
Our re-authenticated resources are not really distinct from the rest of
our application content.  As mentioned above, we'll turn on multi-factor
for some of that content and would like to be able to re-authenticate
for certain sub-components with the same factors used to authenticate.


-----Original Message-----
From: Wesley Craig [mailto:wes@xxxxxxxxx] 
Sent: Monday, October 10, 2005 9:13 PM
To: cosign-discuss Discussion
Subject: Cosign Multi-factor Authentication Spec

We'll take comments on this specification until 24 October 2005.


Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010