I'm going to have to argue in favor of
federated identity but to be clear only
for WS-Federation.
This isn't a matter of technology though, you're missing the point.
SSO as a concept is a good one, within the same security domain. Such as
inside a cluster of applications from a single vendor.
However, handing your auth over to facebook isn't the same thing at all.
Martin...
Tangentially related to your argument and interesting reading none the less
on how even very large companies can easily get things wrong.
https://blog.duosecurity.com/2013/02/bypassing-googles-two-factor-authentication/
On Sun, Feb 24, 2013 at 7:14 PM, Martin O'Neal martin.oneal@corsaire.comwrote:
I'm going to have to argue in favor of
federated identity but to be clear only
for WS-Federation.
This isn't a matter of technology though, you're missing the point.
SSO as a concept is a good one, within the same security domain. Such as
inside a cluster of applications from a single vendor.
However, handing your auth over to facebook isn't the same thing at all.
Martin...
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org