> > Maybe someone else has documented this already, or maybe there's a > problem with this approach that we've not found yet - we've tested > across what we expect to be the normal combinations in use by our > users > (Linux, Windows, MacOS and Firefox, MSIE, Opera, Chrome, plus some > mobile devices), and so far it all seems to work.
One issue that we see is that we make heavy use of credential delegation. There's no way currently with cosign for an application to specify "User must have delegated credentials", and to request username/password reauthentication if the automated mechanisms don't delegate credentials. This was the main reason why we disallowed Safari, for example. Every so often, I do think about implementing a mechanism (probably through a required factor) for applications to state that they require credentials, and to permit cosign.cgi to request manual reauthentication in these cases. I've never quite got around to doing so, though. Cheers, Simon. ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
