RE: Cosign Multi-factor Authentication Spec

["Linderman, Mark" <mlinderm@xxxxxxxxxxxx>]

Hi all,

A couple of comments:

I'm not finding anything in the spec about the ability to selectively
multi-factor protect individual url-patterns within a single filtered
resource.  For example, we use a single instance of the Java cosign
filter to protect a suite of Peoplesoft applications, only some of which
we'd like to multi-factor protect.  The rest would continue to require
only a single factor.  Should I assume this would require as many filter
instances as there are url-patterns with different security
requirements?

It would be nice to see the multi-factor capability extended to re-auth.
Our re-authenticated resources are not really distinct from the rest of
our application content.  As mentioned above, we'll turn on multi-factor
for some of that content and would like to be able to re-authenticate
for certain sub-components with the same factors used to authenticate.

Mark




-----Original Message-----
From: Wesley Craig [mailto:wes@xxxxxxxxx] 
Sent: Monday, October 10, 2005 9:13 PM
To: cosign-discuss Discussion
Cc: mais.twofact.tech@xxxxxxxxx
Subject: Cosign Multi-factor Authentication Spec

We'll take comments on this specification until 24 October 2005.

:wes