RE: Your comments on technique Saving data so that it can be used after a user re-authenticates

This is a fine technique (keep it) -- but it is not what I was suggesting

Suggest that you create a new technique by
1) Cloning this technique
2) Change the name of the new technique to 
"Encoding user data as hidden data in re-authorization page"
3) Change just a few words so that it says

"The server embeds (as hidden data) the information from the form into the
page that is used for re-authentication.  Then when the person
re-authenticates, the server can pull the information from the
re-authentication page, fill out the form, and proceed.  In this fashion the
server does not have to store the user information on the form at all.  This
is an important technique for those cases where it is illegal for the server
to store this information temporarily. It also is useful in that it frees
the server from having to maintain the stored information and reconnect it
to the re-authentication request when it comes in - especially since it may
come in to another server."

This should go back through committee I think - since it would be a new
technique. 



Gregg

 -- ------------------------------ 
Gregg C Vanderheiden Ph.D. 
Professor - Ind. Engr. & BioMed Engr.
Director - Trace R & D Center 
University of Wisconsin-Madison 
The Player for my DSS sound file is at http://tinyurl.com/dho6b 
-----Original Message-----
From: Michael Cooper [mailto:michaelc@watchfire.com] 
Sent: Thursday, March 09, 2006 9:50 AM
To: Gregg Vanderheiden; Ben Caldwell; John M Slatin; Alex Li
Subject: Your comments on technique Saving data so that it can be used after
a user re-authenticates

In the survey for the following technique, you suggested changes. Please
review the changes and let me know if the technique is now acceptable. A
brief description of the change is beside your remarks in the status
section of the technique.

Technique: Saving data so that it can be used after a user
re-authenticates
URL: http://tinyurl.com/r2s5a
Survey: http://tinyurl.com/p36mg

Michael

Received on Thursday, 9 March 2006 17:11:43 UTC
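
An added example, not part of the original messages or of the technique under review: a Python sketch of the hidden-data approach in the proposed wording above. Because the data travels through the browser, the sketch signs it with an HMAC and binds it to the user and a time window; the key, field names, `/reauth` path and 20-minute limit are assumptions.

```python
import base64, hashlib, hmac, html, json, time

# Assumption: one signing key shared by every server that may receive the
# re-authentication request. It is the only thing kept server-side.
SHARED_KEY = b"constructed-demo-key"
MAX_AGE = 20 * 60  # seconds a saved form stays valid (assumed limit)

def _mac(payload: bytes) -> bytes:
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest().encode()

def pack_form(form, user, now=None):
    """Serialise the submitted form into a signed token for a hidden input."""
    ts = int(time.time() if now is None else now)
    body = json.dumps({"user": user, "ts": ts, "form": form}, sort_keys=True)
    payload = base64.urlsafe_b64encode(body.encode())
    return (payload + b"." + _mac(payload)).decode()

def render_reauth_page(token):
    """Re-authentication page carrying the form data as hidden data."""
    value = html.escape(token, quote=True)  # never emit the raw value
    return ('<form method="post" action="/reauth">\n'
            '  <input type="password" name="password">\n'
            f'  <input type="hidden" name="saved_form" value="{value}">\n'
            '  <button>Sign in and continue</button>\n'
            '</form>')

def unpack_form(token, authenticated_user, now=None):
    """Run after the password check succeeds; returns the original form."""
    payload, sep, tag = token.encode().rpartition(b".")
    if not sep or not hmac.compare_digest(_mac(payload), tag):
        raise ValueError("saved form data was modified")
    body = json.loads(base64.urlsafe_b64decode(payload))
    if body["user"] != authenticated_user:
        raise ValueError("saved form data belongs to another user")
    if (time.time() if now is None else now) - body["ts"] > MAX_AGE:
        raise ValueError("saved form data has expired")
    return body["form"]

if __name__ == "__main__":
    form = {"comment": 'He said "hi" <b>', "amount": "12.50"}  # constructed
    print(render_reauth_page(pack_form(form, "alice")))
```

The token is signed, not encrypted, so the form values remain readable in the page source.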