Brad, On Tuesday 15 September 2015 22:42:17 Brad Hill wrote: > FIDO is not "like a cookie". Cookies are about session and state > management. FIDO replaces passwords or certificates to provide strong > authentication
[...] > > <keygen> entangles being identified with being authenticated, are you telling me that FIDO is good strong authentication and keygen bad strong authentication? How, in this case, would use cases that Tim mentioned being done with FIDO? Out of the box? Is keygen the same as any other connection to the offline ID token world? --Rigo P.S. If you're authenticated you can do serverside stateful service, so all authentication is like a cookie :) But some cookie is not authentication.
signature.asc
Description: This is a digitally signed message part.
