Re: Password aging

[Gary Dobbins <dobbins () ND EDU>]

Angel L Cruz wrote:
> ...
> Now 2-factor is clearly the way to go, but the economics, scalability,
> and multi-platform requirements issues involved in large HE environments
> still scare many of us. Let's hope pricing models improve soon so we can
> at least take a stab at solving the scalability and multi-platform
> issues.

One potential benefit of having an Enterprise Directory Service (a la
Intenet2/MACE) serving both data and acting as an authN reference to
which key campus services defer for authN (not to mention authZ), is
the possibility of having it validate offered credentials against the
 authN service (e.g. Kerberos, 2-factor, etc) appropriate to the
service requesting authN validation (e.g. ERP), or other variables
such as userID.

As more enterprise services defer to EDS for authN, it can be an
enabling technology toward applying 2-factor authN selectively and
fairly platform-independently.

Also, many 2-factor authN servers directly offer RADIUS, TACACS, or
other relatively interoperable access protocols.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.