Interest in a push-based two-factor auth standard?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Heya!

A widely deployed way to do two-factor authentication is
TOTP. However, when used with an Android device Google Accounts have a
really nice flow where Google will send a push notification to the
Android device, which will then prompt the user with a "yes/no"
question as to whether they were trying to log in or not. From a UX
perspective this is much nicer than opening an app, manually typing in
a code, etc.

With WebPush core having been just ratified as RFC 8030, the time
seems ripe for standardizing an authentication scheme like described
above.

I have two questions:

1. Is there interest in creating such a standard at the IETF?

2. If there is, where would be the best place to do that work? I'm
relatively new to the IETF - I poked around Datatracker's list of
Working Groups and there didn't seem to be one that really fit that
well. Did I miss something? Or should this go through the IETF
individual submission track?

Please CC me on replies; I'm not subscribed.

Cheers!

AJ

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]