[Owasp-webcert] Extended Criteria Example
mark at curphey.com
Tue Jul 31 12:10:07 EDT 2007
BTW here is an extended criteria example.
Re-authentication at significant events: A user should be required to
re-authenticate prior to a significant event being allowed to proceed.
The way I am structuring this, as you know, is that the core doc is a base
from which you can create domain-specific schemes. For financial services
they might specify that event, for instance, as a financial transaction,
whereas for an emergency control center application that event may be a
dispatch command. This avoids us having to dictate lowest common
denominators that make things "wishy washy".