The end of password pain: building frictionless authentication at the Guardian
10 points
a day ago
by Tomte
Comments
bob1029
21 hours ago
mooreds
Are you talking about CIMD?
17 hours ago
bob1029
Not specifically but it's the same idea. CIMD is perhaps one step too far for the cases I've worked with. We seem to prefer an out-of-band process for establishing trust. Two CTOs exchanging FQDNs at lunch is a fairly robust model.
16 hours ago
I've been enjoying modern machine-to-machine flows. Trading trusted URLs for client IDs is a really secure model. Especially if you go the extra mile with role-based machine auth to cloud key stores. You can do the entire thing without a single secret string. I'd much rather prove I can control a URL than ensure a piece of information never leaks out.