[ncc-services-wg] Authentication Proposal for RIPE NCC Access

On Wed, Dec 04, 2013 at 12:57:26PM +0100, Alex Band wrote:
> In our RIPE NCC Access authentication system, we offer the ability to
> log in using an X.509 identity certificate instead of a username and
> password. This functionality was transferred from the legacy
> authentication system we used to have, without evaluating the value of
> this feature at the time.
> 
> Since then, we have encountered several implementation, user interface
> and support issues surrounding this feature, while it is used by less
> than 0.7% of the users with a RIPE NCC Access account. Most
> importantly, the functionality does not actually offer any additional
> security. This is something that is provided by true two-factor
> authentication.
> 
> We would like to propose to put this functionality in maintenance
> mode, meaning that it would be provided as it is without a service
> guarantee. Alternatively, it could be removed altogether. This would
> free us of a maintenance and support burden, meaning that we can spend
> these resources on other valuable services.

Ok for me.

> If the membership approves, the RIPE NCC could investigate ways to
> implement true two-factor authentication for RIPE NCC Access.

I'm glad to hear that.

Piotr

-- 
gucio -> Piotr Strzyżewski
E-mail: Piotr.Strzyzewski at polsl.pl