Saturday, June 05, 2010

Security Justice / Wikid Podcast: No More Integration!

I just started subscribing to the Security Justice podcast after talking to @ben_p during the last Minnesec meetup. Today I'm listening to SJ interviewing Wikid Systems on their two-factor authentication product. Nick, the CEO of Wikid, makes the following quote:

"Well, one, I think, um, you need a, the lead steers need to be the information security geeks who really say I want two-factor for this, I will switch, I will pay extra for Google Apps for my domain because it will support two-factor authentication."

No, I do not want Google to support your two-factor authentication, nor RSA's, nor anyone else's. I don't want them to even know what two-factor means. I want you or perhaps Hurricane Labs to stand up a SAML Identity Provider (IdP) that I can configure into my Google Apps for Domain console. Google allows this today. According to their docs, one IdP can support multiple domains, so this wouldn't be limited to just my domain.

We need to get away from one-to-one "federated" integration and start thinking about General IdP <-> consumer <-> Service Provider federation. Yeah, I move my security now to your controls on the IdP versus Google's. This may introduce more risk. For consumers and small businesses, general IdPs are the future.

Does anyone know of a general IdP that supports Wikid?
