RE: working on re-authentication from lisa.seeman on 2017-12-20 (w3c-wai-gl@w3.org from October to December 2017)

From: lisa.seeman <lisa.seeman@zoho.com>
Date: Wed, 20 Dec 2017 16:38:04 +0200
To: Alastair Campbell <acampbell@nomensa.com>
Cc: "Andrew Kirkpatrick" <akirkpat@adobe.com>, "Michael Gower" <michael.gower@ca.ibm.com>, "Rochford, John" <john.rochford@umassmed.edu>, "W3c-Wai-Gl-Request@W3. Org" <w3c-wai-gl@w3.org>
Message-Id: <160745a50bf.fe32f6cf114155.5871709870732482086@zoho.com>

Ahh, I assumed re-authentication just excluded the first time sign up.  

I think it is better to stick with authentication  and add an exception for transcribing during sign in

All the best

Lisa Seeman

LinkedIn, Twitter





---- On Wed, 20 Dec 2017 16:07:36 +0200 Alastair Campbell&lt;acampbell@nomensa.com&gt; wrote ---- 

    &gt; Can people clarify what “re-authentication” is exactly and how it differs from authentication?
  
 We should probably add a definition, but basically it means that you have authenticated on a site/page once, the site is maintaining some state (e.g. a cookie), but returning to the page requires a reduced form of authentication.
 I think there are broadly three types of behavior, sites will either:
   Auto-re-authentication: Maintain your session (via cookies), and you don’t have to (re)authenticate at all (e.g. twitter). 
 Re-authentication: Detect your previous authentication (via cookies) and then ask for a password, or perhaps the second factor again to confirm it is you at the keyboard (e.g. lastpass when set to remember your username but not password).
 Authentication: Make you to authenticate from fresh every time you arrive (e.g. my bank).
 It is the second case that we’re trying to catch with re-authentication, the last case does not make any effort to maintain a previous session, and the first doesn’t require anything of the user.
 HTH,
 -Alastair

Received on Wednesday, 20 December 2017 14:38:42 UTC