This repository has been archived by the owner on Jul 21, 2020. It is now read-only.
Trustification
bcarpenter edited this page Aug 17, 2010
Potential Ingredients for a trust metric
- Web of trust
- Reputation systems
- Akismet, Viking, etc.
- prove_as_human Completing a
- validate_email
- Does the person tied to this identity stand to lose or gain anything based on this action?
- past history
- we can revisit past trust decisions based on revised trust estimates
- recency of errors (reduce trust on an application exception)
- are_you_sure — ask for con
- willingness to pay a “hate task” (compute big hash) a la Zed Shaw
- send_me_one_cent: a micropayment
- shows commitment
- secondary validation from payment system
- offsets risk
- Stale sessions
  “If your application allows users to be logged in for long periods of time
  ensure that controls are in place to revalidate a user’s authorization to a
  resource. For example, if Bob has the role of “Top Secret” at 1:00, and at
  2:00 while he is logged in his role is reduced to Secret he should not be able
  to access “Top Secret” data any more.” — http://www.owasp.org/index.php/Guide_to_Authorization
- how I authenticated: for instance, ‘logged in by cookie’ << ‘logged in by password’ (a session resumed from a remember-me cookie deserves less trust than one opened with a fresh password login)
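The two ingredients above (stale sessions and weighting by authentication method) worked through in Ruby, as an added example that is not code from this wiki or the Trustification project; the clearance levels, auth-method weights and user directory are constructed values:

```ruby
require 'time'

# Clearance levels, lowest to highest (constructed for this example).
LEVELS = %w[public secret top_secret].freeze

# Trust weight per authentication method (assumed values): a session resumed
# from a remember-me cookie is trusted less than a fresh password login.
AUTH_WEIGHT = { password: 1.0, cookie: 0.5 }.freeze

# A login session. cached_role is the role snapshot many apps take at login
# and then keep trusting; it is kept here only to show the contrast.
Session = Struct.new(:user, :auth_method, :cached_role, :authenticated_at)

# Stale check: trusts the role snapshot taken at login time.
def authorized_by_cached_role?(session, required)
  LEVELS.index(session.cached_role) >= LEVELS.index(required)
end

# Revalidating check (what the OWASP quote asks for): looks up the user's
# *current* role in the directory on every access, so a demotion made while
# the user is still logged in takes effect immediately.
def authorized_now?(session, required, directory)
  current = directory[session.user]
  return false if current.nil? # account removed since login: deny
  LEVELS.index(current) >= LEVELS.index(required)
end

# Trust score in [0.0, 1.0]: the auth method's weight, decayed linearly to
# zero as the session ages toward max_age seconds.
def trust_score(session, now, max_age)
  age = now - session.authenticated_at # Float seconds
  return 0.0 if age >= max_age
  AUTH_WEIGHT.fetch(session.auth_method, 0.0) * (1.0 - age / max_age)
end

if __FILE__ == $0
  directory = { 'bob' => 'top_secret' } # constructed user directory
  bob = Session.new('bob', :password, 'top_secret', Time.parse('2010-08-17 13:00:00'))
  directory['bob'] = 'secret'           # Bob is demoted at 2:00 while logged in
  puts authorized_by_cached_role?(bob, 'top_secret') # true: stale session
  puts authorized_now?(bob, 'top_secret', directory)  # false: revalidated
end
```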