[Architecture] creating and revoking login tokens and related security issues
steve at opendirective.com
Wed Sep 3 05:16:29 EDT 2014
FYI and associated GPII-782 which is assigned to me. It seems like a
focussed meeting would help this topic.
On 2 September 2014 22:18, Dana Ayotte <dana.ayotte at gmail.com> wrote:
> Hi Everyone,
> I've attached a link to updated wireframes which describe the GPII account
> creation process using various methods (user id and password, RFID tag, USB,
> QR code). These also include the creation of a recovery ID where necessary
> (i.e. when an email address is not provided).
> In terms of security issues, are there other things the design team should
> be considering in the user interface?
> Also, I have a question regarding how tokens will be revoked/invalidated.
> Will a user need to insert a USB key or swipe an RFID tag in order to revoke
> their token (see "delete" option in wireframes)? Or will that token just be
> removed from their account (so that the next time they insert/swipe, it
> won't be recognized)?
> And some questions related to RFID interaction:
> - can a user have more than one RFID tag associated with their GPII account?
> - can an RFID reader detect more than one tag at a time?
> - how are RFID tags named/identified (and can a user name/rename them?)