 |
cosign-discuss at umich.edu
|
|
general discussion of cosign development and deployment
|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Cosign Multi-factor Authentication Spec
Hi all,
A couple of comments:
I'm not finding anything in the spec about the ability to selectively
multi-factor protect individual url-patterns within a single filtered
resource. For example, we use a single instance of the Java cosign
filter to protect a suite of Peoplesoft applications, only some of which
we'd like to multi-factor protect. The rest would continue to require
only a single factor. Should I assume this would require as many filter
instances as there are url-patterns with different security
requirements?
It would be nice to see the multi-factor capability extended to re-auth.
Our re-authenticated resources are not really distinct from the rest of
our application content. As mentioned above, we'll turn on multi-factor
for some of that content and would like to be able to re-authenticate
for certain sub-components with the same factors used to authenticate.
Mark
-----Original Message-----
From: Wesley Craig [mailto:wes@xxxxxxxxx]
Sent: Monday, October 10, 2005 9:13 PM
To: cosign-discuss Discussion
Cc: mais.twofact.tech@xxxxxxxxx
Subject: Cosign Multi-factor Authentication Spec
We'll take comments on this specification until 24 October 2005.
:wes
| 
