CoSign: Collaborative Single Sign-On  
AnnouncementsDiscussion
 

cosign-discuss at umich.edu
general discussion of cosign development and deployment
 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cosign Multi-factor Authentication Spec



On 11 Oct 2005, at 09:22, Linderman, Mark wrote:
I'm not finding anything in the spec about the ability to selectively
multi-factor protect individual url-patterns within a single filtered
resource. For example, we use a single instance of the Java cosign
filter to protect a suite of Peoplesoft applications, only some of which
we'd like to multi-factor protect. The rest would continue to require
only a single factor. Should I assume this would require as many filter
instances as there are url-patterns with different security
requirements?

No. I think you're referring to the possible bug in the Java filter that you have previously reported? If so, I don't think that's germane to the multi-factor discussion.


It would be nice to see the multi-factor capability extended to re- auth.
Our re-authenticated resources are not really distinct from the rest of
our application content. As mentioned above, we'll turn on multi- factor
for some of that content and would like to be able to re-authenticate
for certain sub-components with the same factors used to authenticate.

It's not currently spec'd that way because re-auth must be configured centrally, while multi-factor is configured in the filters. It's not possible to mix central & filter configurations in the way that you describe. Instead, the capability you describe would require much more to be configured centrally.


:wes


 
Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010