[Architecture] creating and revoking login tokens and related security issues

Steve Lee steve at opendirective.com
Wed Sep 3 05:16:29 EDT 2014

FYI and associated GPII-782 which is assigned to me. It seems like a
focussed meeting would help this topic.

Steve Lee
OpenDirective http://opendirective.com

On 2 September 2014 22:18, Dana Ayotte <dana.ayotte at gmail.com> wrote:
> Hi Everyone,
> I've attached a link to updated wireframes which describe the GPII account
> creation process using various methods (user id and password, RFID tag, USB,
> QR code).  These also include the creation of a recovery ID where necessary
> (i.e. when an email address is not provided).
> In terms of security issues, are there other things the design team should
> be considering in the user interface?
> Also, I have a question regarding how tokens will be revoked/invalidated.
> Will a user need to insert a USB key or swipe an RFID tag in order to revoke
> their token (see "delete" option in wireframes)? Or will that token just be
> removed from their account (so that the next time they insert/swipe, it
> won't be recognized)?
> And some questions related to RFID interaction:
> - can a user have more than one RFID tag associated with their GPII account?
> - can an RFID reader detect more than one tag at a time?
> - how are RFID tags named/identified (and can user name/rename them?)
> http://wiki.fluidproject.org/download/attachments/34570511/PMT-responsetologinissues-explorations.pdf
> http://issues.gpii.net/browse/GPII-690
> Thanks,
> Dana
> _______________________________________________
> Architecture mailing list
> Architecture at lists.gpii.net
> http://lists.gpii.net/cgi-bin/mailman/listinfo/architecture

More information about the Architecture mailing list