Jared Hunter wrote:

> The goal of multi-factor authentication is to strengthen the link
> between a human being and the actions taken by a logical account
> (because a logical account is what the SAF-implementing ESM is
> capable of authorizing and auditing). Sharing a single (or few)
> logical accounts across many human beings is an anti-pattern that
> is incompatible with that goal.
I agree it's an anti-pattern, but occasionally anti-patterns are useful.

One scenario that comes to mind is when the system (such as the ESM itself) must provide typically partial read-only access to a team of authorized auditors/inspectors, but the ESM (and the other people who manage it) must not have any awareness of precisely which auditor or inspector took a look, lest that person be subject to possible retaliation for an adverse finding.

Another, similar scenario is a reporting system that accepts anonymous but still controlled submissions, for whistleblowers to submit tips (sexual harassment and other improprieties, suspected fraud, etc.). In such cases you'd want to make sure the report comes from within an authorized community (e.g. "intelligence officers"), but ideally you don't want even any technical ability to trace it to a particular individual.

Voting systems might also fall in this general category.

On the other hand, you might argue that these scenarios and others like them don't really involve 2FA or MFA as such, and you might be right. There still ought to be reasonable security solutions for these use cases.

- - - - - - - - - -
Timothy Sipples
I.T. Architect Executive
Digital Asset & Other Industry Solutions
IBM Z & LinuxONE
- - - - - - - - - -
E-Mail: sipp...@sg.ibm.com

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN