Sha256: 4dba58121c34a093f303bedecfe41b9dbbfb5a8422e786e57bcf42daedd5f746
Contents?: true
Size: 1.31 KB
Versions: 64
Compression:
Stored size: 1.31 KB
Contents
See also

* "Trustlet Wiki":http://www.trustlet.org/wiki

Potential Ingredients for a trust metric

h2. Reputation

* Web of trust
* Reputation systems
** Akismet, Viking, etc.
* prove_as_human Completing a
* validate_email logged_in akismet, etc. session duration

h2. Accountability

Does the person tied to this identity stand to lose or gain anything based on this action?

h2. Past history

* past history
** we can revisit past trust decisions based on revised trust estimates
* recency of errors (reduce trust on an application exception)

h2. Commitment

* are_you_sure -- ask for con
* willingness to pay a "hate task" (compute big hash) a la Zed Shaw
* send_me_one_cent a micropayment
** shows commitment
** secondary validation from payment system
** offsets risk

h2. Identity Binding

* Stale sessions

bq. "If your application allows users to be logged in for long periods of time ensure that controls are in place to revalidate a user’s authorization to a resource. For example, if Bob has the role of “Top Secret” at 1:00, and at 2:00 while he is logged in his role is reduced to Secret he should not be able to access “Top Secret” data any more." -- http://www.owasp.org/index.php/Guide_to_Authorization

* how I authenticated: for instance, 'logged in by cookie' << 'logged in by password'
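
The two Identity Binding points above, sketched as an added example that is not code from this gem: the role is re-read from the authoritative store on every request instead of being cached in the session, and a cookie login ranks below a password login. All class, constant and method names here are hypothetical, and the role data is constructed.

```ruby
# Added illustration; every name below is hypothetical, not this gem's API.

# Clearance levels and authentication strengths, weakest first.
CLEARANCE     = { public: 0, secret: 1, top_secret: 2 }.freeze
AUTH_STRENGTH = { cookie: 0, password: 1 }.freeze

# Authoritative role store (constructed sample data). A real application
# would query its user database here.
class RoleStore
  def initialize(roles)
    @roles = roles
  end

  def role_for(user)
    @roles.fetch(user, :public)
  end

  def set_role(user, role)
    @roles[user] = role
  end
end

# The session records who logged in and how, but never caches the role.
Session = Struct.new(:user, :auth_method)

class AccessCheck
  def initialize(store)
    @store = store
  end

  # Returns :allow, :deny or :reauthenticate for a single request.
  def decide(session, required_role, min_auth: :cookie)
    current = @store.role_for(session.user) # revalidated on every request
    return :deny if CLEARANCE.fetch(current) < CLEARANCE.fetch(required_role)
    return :reauthenticate if AUTH_STRENGTH.fetch(session.auth_method) < AUTH_STRENGTH.fetch(min_auth)
    :allow
  end
end

def demo
  store   = RoleStore.new("bob" => :top_secret)
  check   = AccessCheck.new(store)
  session = Session.new("bob", :password)      # Bob logs in at 1:00
  before  = check.decide(session, :top_secret) # role still Top Secret
  store.set_role("bob", :secret)               # role reduced at 2:00
  after   = check.decide(session, :top_secret) # same session, new answer
  cookie  = Session.new("bob", :cookie)        # session restored from a cookie
  step_up = check.decide(cookie, :secret, min_auth: :password)
  [before, after, step_up]
end

p demo if __FILE__ == $PROGRAM_NAME
```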
Version data entries
64 entries across 64 versions & 7 rubygems