On Wed, Oct 19, 2011 at 07:18:34AM -0700, Toshio Kuratomi wrote:
> > As for "lost token", the idea would be that the admin would be able to
> > reset the user's login requirements to password or similar until a new
> > token can be mailed out. (Leaving it up to the admin to perform proper
> > verification that the token was actually lost vs. a social-engineering
> > attempt).
>
> So we might want to allow some of that to be done without admin
> intervention. As I say, we do not have the ability to do proper
> verification over the majority of our account holders. With that in mind,
> we have two choices -- refuse them access, so they have to create a new
> account or allow them to change token with minimal verification. If the
> latter, then there's no need for admins to be involved.

There are several ways to prove one's identity that can be used if the
token is lost. For example:

- access to a private SSH key
- access to a private key of a client SSL cert - might even be one issued
  by e.g. cacert
- access to a private gpg key
- access to text messages to a certain mobile number
- access to voice message to a certain phone number
- ability to create a picture or video of oneself with a certain message
  included
- ability to meet with other Fedora account holders that verify an ID card
- ability to receive mail to a certain postal address
- ability to receive e-mail
- ability to receive payments via certain bank accounts
- ability to receive jabber messages

Depending on timing requirements and the probability that certain methods
might be compromised if a token is compromised, a combination or only
several ones might be used.

Kind regards
Till

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
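Added example, not from the thread or from Fedora Infrastructure: a challenge-response check for the first method in Till's list, proof of possession of a registered SSH key, written in Go. The account store, the "fas-recovery" challenge text and the use of ed25519 keys are assumptions; the thread names none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"strings"
	"time"
)

// Recovery holds the public SSH keys users registered before losing their token.
// The store and API are assumptions; the thread does not describe FAS internals.
type Recovery struct {
	keys       map[string]ed25519.PublicKey
	challenges map[string]time.Time // outstanding nonce (hex) -> expiry
	now        func() time.Time     // injectable clock so expiry is testable
}

func NewRecovery(now func() time.Time) *Recovery {
	return &Recovery{map[string]ed25519.PublicKey{}, map[string]time.Time{}, now}
}

func (r *Recovery) Register(user string, pub ed25519.PublicKey) { r.keys[user] = pub }

// Challenge returns the text the user must sign. Purpose and account name are part
// of the signed text, so a signature made for anything else is not a recovery proof.
func (r *Recovery) Challenge(user string, ttl time.Duration) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	id := hex.EncodeToString(nonce)
	r.challenges[id] = r.now().Add(ttl)
	return []byte("fas-recovery:" + user + ":" + id), nil
}

// Verify accepts the proof only if a key is on file, the challenge was issued for
// this user and is unexpired, and the signature validates. The nonce is consumed
// on first use, so a captured signature cannot be replayed.
func (r *Recovery) Verify(user string, msg, sig []byte) bool {
	prefix := "fas-recovery:" + user + ":"
	if !strings.HasPrefix(string(msg), prefix) {
		return false
	}
	id := strings.TrimPrefix(string(msg), prefix)
	exp, issued := r.challenges[id]
	delete(r.challenges, id) // single use, even when the signature turns out bad
	pub, hasKey := r.keys[user]
	if !issued || !hasKey || r.now().After(exp) {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}
```

This proves only possession of the key; under Till's closing point it would be one factor, to be combined with a channel the lost token could not have exposed.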