Monday, June 13, 2016

[gfyiiqdh] Controlling your account

Desired generic features for account access (authentication):

Multiple keys, probably challenge-response with public-key cryptography.  Making it look like password authentication can be delegated to a trusted third party.

Set and run arbitrary policies regarding how keys must be used to access the account.  Perhaps several keys are needed simultaneously, some controlled by 2 factor authentication mechanisms using a trusted third party.

Set and run policies regarding how keys must be used to modify the account access policies, for example, revoking a key.  Perhaps more keys are needed than mere account access.

Logs for key usage, sent off site to a trusted third party.

Devil in the details of these trusted third parties.

No comments :