On Mon, Mar 27, 2006 at 04:14:06PM -0800, John Merrells wrote: > > On 22-Mar-06, at 12:47 PM, Nicolas Williams wrote: > > >So, is it safe to say that some of the use cases posted by Robert > >amount > >to saying that > > > > - users shouldn't have more than one physical > > (smartcard/token/whatever) or logical (username/password) > >credential > > I don't think you can mandate 'just one', but I think you can mandate > choice. Users should have as few or as many as they feel they need. > As a real world example think of credit cards. You could have one > but you probably have a back-up or two.
Agreed, but users shouldn't _have_ to have more than one as a result of the ad-hoc nature of the systems they use. I think that is what Robert was trying to convey, or at least my reading of the particular requirement I was distilling. I wouldn't disagree with that... I suspect users won't mind having multiple tokens, provided that number is small, as much as having many accounts that require passwords. Nico -- _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
