<div dir="ltr">Tangentially related to your argument and interesting reading none the less on how even very large companies can easily get things wrong.<div><br></div><div><a href="https://blog.duosecurity.com/2013/02/bypassing-googles-two-factor-authentication/">https://blog.duosecurity.com/2013/02/bypassing-googles-two-factor-authentication/</a><br>

</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Feb 24, 2013 at 7:14 PM, Martin O'Neal <span dir="ltr"><<a href="mailto:martin.oneal@corsaire.com" target="_blank">martin.oneal@corsaire.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br>
> I'm going to have to argue in favor of<br>
> federated identity but to be clear only<br>
> for WS-Federation.<br>
<br>
</div>This isn't a matter of technology though, you're missing the point.<br>
<br>
SSO as a concept is a good one, within the same security domain. Such as<br>
inside a cluster of applications from a single vendor.<br>
<br>
However, handing your auth over to facebook isn't the same thing at all.<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
Martin...<br>
<br>
<br>
_______________________________________________<br>
The Web Security Mailing List<br>
<br>
WebSecurity RSS Feed<br>
<a href="http://www.webappsec.org/rss/websecurity.rss" target="_blank">http://www.webappsec.org/rss/websecurity.rss</a><br>
<br>
Join WASC on LinkedIn <a href="http://www.linkedin.com/e/gis/83336/4B20E4374DBA" target="_blank">http://www.linkedin.com/e/gis/83336/4B20E4374DBA</a><br>
<br>
WASC on Twitter<br>
<a href="http://twitter.com/wascupdates" target="_blank">http://twitter.com/wascupdates</a><br>
<br>
<a href="mailto:websecurity@lists.webappsec.org">websecurity@lists.webappsec.org</a><br>
<a href="http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org" target="_blank">http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org</a><br>
</div></div></blockquote></div><br></div>