Now that's what I'm talking about. Are you guys hiring?
On Sun, Nov 21, 2010 at 12:06 PM, Graham Leggett <minf...@sharp.fm> wrote: > In our experience, the hardest part about using certificates is overcoming > the perception held by technical people that it's hard to use certificates. > > Over the last three years, we have rolled out a certificate based > infrastructure across a large organisation, with certs for all employees and > external suppliers. The basic premise is that usernames and passwords are > banned (unless completely unavoidable), and that your certificate gives you > whatever access you need. Everything that requires "registration" of some > kind has been configured to auto-register people from details in the > certificates, so we have no centralised directory of any kind for people > with certificates. Lots of problems evaporated as a result. When the > certificate expires, or is revoked, the portcullis comes crashing down and > you're locked out everywhere. There are no residual "does person X still > have access" problems. > > For end users, life is simple. If you need to access something, you simply > go there, job done. No login forms, no registration, no asking somebody for > access, no "forgot your password" forms, no obscure username that is > annoyingly different to all your other usernames. > > In our experience, unlike technical people, end users don't know that > certificates are supposed to be hard, and so have never known they were > supposed to consider certificates a problem. As a result, it's been very > successful. > > Regards, > Graham > -- > >