Sam Hartman (hartmans) wrote,

Web Authentication

Of late, I've been spending a lot of time at work thinking about web authentication. My boss accidentally assigned me the task of fixing the web. He set out a list of requirements that were impossible given current browsers and protocols. I told him this. He asked when I was going to fix things and sort of hinted that I should start this summer. One thing led to another and I've been putting together a proposal to solve a subset of the web single sign-on problem and the phishing problem. There is a lot of work in this space and it is more politics than technology. Here is a talk I gave on the basic idea; a draft on the proposal; and a draft on requirements for avoiding phishing attacks. I think the phishing requirements may be the most lasting contribution to the ongoing work. I need to revise them over the weekend. If I am successful in integrating my thoughts over the last two weeks into the document, I will be rather proud of the result.