~jpastuszek/blog#53: 
Post: Authentication done on device

Currently we have a large number of independent identities; basically one for every service + one master that is your e-mail account. Your authentication should be done by your devices once for all the services. On the protocol level - each request signed by it, so you control your identity, session lengths etc.

No more session cookies, session stores, login portals, passwords stored in plain text and logged in log files, data leaks, session store sync or sticky cookies, OpenID, SAM... XSS grabbing your sessions, timeouts, logouts... aaa!

Status: REPORTED
Submitter: ~jpastuszek
Assigned to: No-one
Submitted: 4 years ago
Updated: 4 years ago
Labels: No labels applied.