
Re: How US military base in Hawaii was compromised - Password sharing

2013-11-08 19:19:49
On Fri, Nov 8, 2013 at 1:02 PM, Michael Richardson 
<mcr(_at_)sandelman(_dot_)ca> wrote:


"Phillip" == Phillip Hallam-Baker <hallam(_at_)gmail(_dot_)com> writes:
    Phillip> http://www.reuters.com/article/2013/11/08/net-us-usa-security-snowden-idUSBRE9A703020131108

    Phillip> I think that the lesson we should draw from this is that no
    Phillip> organization is capable of using password based security
    Phillip> effectively. People like passwords because they are
    Phillip> convenient, one of the reasons that they are convenient is
    Phillip> that they can be shared.

Exactly.  And that means that any non-password system that does not permit
authority to be delegated will fail to be adopted in places where people
need to share.

Fortunately, we have some really good mechanisms on the books that
permit delegation including OAUTH*, KeyNote(2704), SASL (I think) and
even going back to SPKI (rfc2693).  I know that there are more.


Supporting delegation is easy.

Supporting delegation in a way that ordinary people can understand is very
hard.

-- 
Website: http://hallambaker.com/