[Owasp-webcert] Extended Criteria Example

Mark Curphey mark at curphey.com
Tue Jul 31 12:10:07 EDT 2007


BTW here is an extended criteria example.

Re-authentication at significant events: A user should be required to
re-authenticate prior to a significant event being allowed to proceed.

The way I am structuring this, as you know, is that the core doc is a base
from which you can create domain-specific schemes. For financial services
they might specify that event, for instance, as a financial transaction,
whereas for an emergency control center application that event may be a
dispatch command. This avoids us having to dictate lowest common
denominators that make things "wishy washy".
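
One way the criterion and its per-domain schemes could be enforced, as an added example that is not part of the original message. The scheme names, the `view_balance` event, the 120-second freshness window and the single-use rule are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field

# Hypothetical domain schemes built on the core criterion: each scheme
# names the events it treats as "significant".
SCHEMES = {
    "financial_services": {"financial_transaction"},
    "emergency_control": {"dispatch_command"},
}

MAX_REAUTH_AGE = 120  # seconds; assumed freshness window, not from the criterion


@dataclass
class Session:
    user: str
    # event name -> time the user last re-authenticated for that event
    reauth: dict = field(default_factory=dict)

    def record_reauth(self, event, now=None):
        """Call only after the user's credentials were re-verified for `event`."""
        self.reauth[event] = time.time() if now is None else now


def authorize(session, scheme, event, now=None):
    """Return True if `event` may proceed under the given domain scheme."""
    if scheme not in SCHEMES:
        # Fail closed: an unknown scheme must not silently skip the check.
        raise ValueError(f"unknown scheme: {scheme}")
    now = time.time() if now is None else now
    if event not in SCHEMES[scheme]:
        return True  # not a significant event in this domain
    # Single use: the re-authentication is consumed by the event it covers,
    # so one proof cannot approve a second significant event.
    stamp = session.reauth.pop(event, None)
    return stamp is not None and 0 <= now - stamp <= MAX_REAUTH_AGE


if __name__ == "__main__":
    s = Session("alice")  # constructed sample session
    print(authorize(s, "financial_services", "financial_transaction", now=1000))
    s.record_reauth("financial_transaction", now=1000)
    print(authorize(s, "financial_services", "financial_transaction", now=1030))
```
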
