[WEB SECURITY] Social login / federated identity

Brian Dunavant brian at omniti.com
Mon Feb 25 17:37:49 EST 2013


Tangentially related to your argument and interesting reading none the less
on how even very large companies can easily get things wrong.

https://blog.duosecurity.com/2013/02/bypassing-googles-two-factor-authentication/


On Sun, Feb 24, 2013 at 7:14 PM, Martin O'Neal <martin.oneal at corsaire.com>wrote:

>
> > I'm going to have to argue in favor of
> > federated identity but to be clear only
> > for WS-Federation.
>
> This isn't a matter of technology though, you're missing the point.
>
> SSO as a concept is a good one, within the same security domain. Such as
> inside a cluster of applications from a single vendor.
>
> However, handing your auth over to facebook isn't the same thing at all.
>
>
> Martin...
>
>
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20130225/60a2f602/attachment-0003.html>


More information about the websecurity mailing list