Re: FIDO2 ?

Date: 2022-05-18 08:49 pm (UTC)
From: [personal profile] mjg59
The cryptographic identity tied to the token can live anywhere, yeah - the question is how to make good use of it. You don't want to have to re-auth on every API call, so presumably if you want to use a proof-of-presence crypto exchange you'd exchange the bearer token for a session cookie that's tied to the IP address (to prevent exfil) and then force re-validation whenever the IP address changes?
If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. [personal profile] mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.

Expand Cut Tags

No cut tags