Desired generic features for account access (authentication):
Multiple keys, probably challenge-response with public-key cryptography. Making it look like password authentication can be delegated to a trusted third party.
Set and run arbitrary policies regarding how keys must be used to access the account. Perhaps several keys are needed simultaneously, some controlled by two-factor authentication mechanisms using a trusted third party.
Set and run policies regarding how keys must be used to modify the account access policies, for example, revoking a key. Perhaps more keys are needed than for mere account access.
Logs for key usage, sent off site to a trusted third party.
Devil in the details of these trusted third parties.
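An added example, not from the original post, of the features listed above: threshold policies per action, a stricter policy for revoking a key than for access, and a key-usage log. HMAC-SHA256 over shared secrets stands in for public-key signatures so that it runs on the Python standard library alone; the class, key names and thresholds are all assumptions.

```python
import hashlib
import hmac
import secrets

def respond(key, nonce, action):
    # Client side: bind the response to both the nonce and the requested action.
    return hmac.new(key, nonce + action.encode(), hashlib.sha256).digest()

class Account:
    def __init__(self, keys, policy):
        self.keys = dict(keys)      # key id -> secret (constructed demo values)
        self.policy = policy        # action -> (threshold, allowed key ids)
        self.pending = {}           # nonce -> action it was issued for
        self.log = []               # key-usage records; the post sends these off site

    def challenge(self, action):
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = action
        return nonce

    def authorize(self, action, nonce, responses):
        # A nonce is single use and only valid for the action it was issued for.
        if self.pending.pop(nonce, None) != action:
            self.log.append((action, [], False))
            return False
        threshold, allowed = self.policy[action]
        valid = sorted(
            kid for kid, mac in responses.items()
            if kid in allowed and kid in self.keys
            and hmac.compare_digest(respond(self.keys[kid], nonce, action), mac)
        )
        ok = len(valid) >= threshold
        self.log.append((action, valid, ok))
        return ok

    def revoke(self, key_id, nonce, responses):
        # Changing who may authenticate requires the stricter policy.
        if not self.authorize("modify_policy", nonce, responses):
            return False
        self.keys.pop(key_id, None)
        return True

# Constructed demo data: four keys, 2-of-3 for access, 3-of-4 to modify policy.
DEMO_KEYS = {"laptop": b"demo-1", "phone": b"demo-2", "token": b"demo-3", "paper": b"demo-4"}
DEMO_POLICY = {
    "access": (2, {"laptop", "phone", "token"}),
    "modify_policy": (3, {"laptop", "phone", "token", "paper"}),
}
```

Failed and replayed attempts are logged as well as successful ones, since the log is only useful to the off-site party if it records every use of a key.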