Sam Hartman (hartmans) wrote,
Sam Hartman

Web Authentication

Of late, I've been spending a lot of time at work thinking about web authentication. My boss accidentally assigned me the task of fixing the web. He set out a list of requirements that were impossible given current browsers and protocols. I told him this. He asked when I was going to fix things and sort of hinted that I should start this summer. One thing led to another and I've been putting together a proposal to solve a subset of the web single -sign-on problem and the phishing problem. There is a lot of work in this space and it is more politics than technology. Here is a talk I gave on the basic idea; a draft on the proposal; and a draft on requirements for avoiding phishing attacks. I think the phishing requirements may be the most lasting contribution to the ongoing work. I need to revise them over the weekend. If I am successful in integrating my thoughts over the last two weeks into the document, I will be rather proud of the result.
  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 1 comment