Authentication integration: Difference between revisions
imported>Paulproteus No edit summary |
Line 11:
* Applications outside openhatch.org should not be able to use this system to gain information about users. (They might be able to use ''other'' mechanisms, but not this one.)
* These applications don't have to be particularly securely maintained. (Specifics...?)
m_stone's notes:
* You should plan to rotate authenticators.
* Maybe use separate HMAC keys for separate "apps"?
* I'm a bit nervous about having splittable cookies. Maybe add an index cookie? (fun link: [http://wiki.laptop.org/go/Canonical_JSON canonical json])
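The following Python block is an added example, not part of m_stone's notes or of OpenHatch's code. It shows one way the three suggestions fit together: a separate HMAC key set per app, key ids so authenticators can be rotated, and a single cookie whose MAC covers every field serialized as deterministic JSON. The app names, key values, the <code>kid</code> field, the <code>payload.tag</code> cookie layout, and the choice of one combined cookie in place of an index cookie are all assumptions.

```python
import base64, hashlib, hmac, json

# Constructed sample keys: one key set per app, indexed by key id ("kid").
KEYS = {
    "forum": {"k1": b"forum-key-1-constructed"},
    "bugs": {"k1": b"bugs-key-1-constructed"},
}
CURRENT = {"forum": "k1", "bugs": "k1"}  # kid each app signs with right now


def canonical(obj):
    """Deterministic JSON (sorted keys, no whitespace); a simplified stand-in for Canonical JSON."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _tag(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def issue(app, claims):
    """Return one cookie value whose MAC covers app, kid and every claim together."""
    kid = CURRENT[app]
    payload = canonical({"app": app, "kid": kid, "claims": claims})
    return base64.urlsafe_b64encode(payload).decode() + "." + _tag(KEYS[app][kid], payload)


def verify(app, cookie):
    """Return the claims if the cookie was issued for this app under a live key, else None."""
    try:
        b64, tag = cookie.split(".")
        payload = base64.urlsafe_b64decode(b64)
        body = json.loads(payload)
        key = KEYS[app][body["kid"]]
    except (ValueError, KeyError, TypeError):
        return None
    if body.get("app") != app or not hmac.compare_digest(tag.encode(), _tag(key, payload).encode()):
        return None
    return body["claims"]


def rotate(app, kid, key):
    """Start signing with a new key; older kids keep verifying until retired."""
    KEYS[app][kid] = key
    CURRENT[app] = kid


def retire(app, kid):
    KEYS[app].pop(kid, None)  # cookies signed under this kid stop verifying
```

Because each app has its own key, a cookie minted for one app fails verification at another, and retiring a key id invalidates only the cookies signed under it.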
== Overview ==