[153467] in North American Network Operators' Group
Re: LinkedIn password database compromised
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Wed Jun 6 23:35:17 2012
In-Reply-To: <CAEE+rGqyOg41HG-xwEFhV_extz-CNLAGRWajbihH2LMwsE9-1w@mail.gmail.com>
Date: Wed, 6 Jun 2012 22:34:39 -0500
From: Jimmy Hess <mysidia@gmail.com>
To: "Aaron C. de Bruyn" <aaron@heyaaron.com>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 6/6/12, Aaron C. de Bruyn <aaron@heyaaron.com> wrote:
[snip]
> One local password used everywhere that can't be compromised through
> website stupidity...
One local password is an excellent idea, of course.
"Remote servers directly handling user-created credentials" should be appended
to the list of the worst ideas in computer security.
Which digital ID architecture should web sites implement, and what's
going to make them all agree on one SSO system and move from the
current state to one of the possible solutions though? :)
A TLS + Client-Side X.509 Certificate for every user.
BrowserID
OpenID
Active Directory Federation Services
OASIS SAML / STS + WS-Trust
Shibboleth SSO
CoSign SSO
Facebook Connect
Novell Access Manager
Windows Live ID
[insert a thousand of the other slightly more obscure Multi-website
Single-Login systems]
....
--
-JH