Trustification
Potential Ingredients for a trust metric
Reputation
- Web of trust
- Reputation systems
- Akismet, Viking, etc.
- prove_as_human Completing a
- validate_email
Accountability
Does the person tied to this identity stand to lose or gain anything based on this action?
Past history
- past history
- we can revisit past trust decisions based on revised trust estimates
- recency of errors (reduce trust on an application exception)
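The two ideas above (revisiting old decisions, and weighting recent errors more than old ones) can be worked out as a small ledger. This is an added example, not code from the original page: the half-life, the starting prior and the 2:1 penalty for an application exception versus credit for a good action are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Constructed example: a ledger of trust-relevant events whose influence decays
# with age, and whose outcome can be relabelled later so that the score is
# recomputed from the revised history rather than from the decision made at the time.
HALF_LIFE_SECONDS = 7 * 24 * 3600  # assumption: an event loses half its weight per week
GOOD_WEIGHT = 0.05                 # assumption: credit for a good action
ERROR_WEIGHT = -0.10               # assumption: an error costs twice what a good action earns


@dataclass
class Event:
    event_id: str
    at: float       # unix timestamp of the event
    weight: float   # positive for good outcomes, negative for errors
    kind: str       # free-form label, e.g. "post" or "exception"


@dataclass
class TrustLedger:
    prior: float = 0.5   # assumption: a fresh identity starts at 0.5
    events: dict = field(default_factory=dict)

    def record(self, event_id, at, kind, good):
        """Record an action and the outcome we believe it had at the time."""
        self.events[event_id] = Event(event_id, at, GOOD_WEIGHT if good else ERROR_WEIGHT, kind)

    def revise(self, event_id, good):
        """Revisit a past decision, e.g. an action accepted at the time is later
        found to be spam. Only the ledger changes; score() picks it up."""
        self.events[event_id].weight = GOOD_WEIGHT if good else ERROR_WEIGHT

    def score(self, now):
        """Trust estimate at time `now`: prior plus age-decayed event weights,
        clamped to [0, 1]. A recent exception hurts more than an old one."""
        total = self.prior
        for ev in self.events.values():
            age = max(0.0, now - ev.at)
            decay = 0.5 ** (age / HALF_LIFE_SECONDS)
            total += ev.weight * decay
        return min(1.0, max(0.0, total))
```

Because `score()` is recomputed from the ledger on demand, a revision to one event changes every later trust estimate without any separate "undo" logic.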
Commitment
- are_you_sure — ask for con
- willingness to pay a “hate task” (compute big hash) a la Zed Shaw
- send_me_one_cent — a micropayment
  - shows commitment
  - secondary validation from payment system
  - offsets risk
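The "hate task" above is a proof-of-work in the hashcash style: the client burns CPU finding a hash with a prefix of zero bits, and the server checks the result with a single hash. The following is an added example, not code from the page or from Zed Shaw; the challenge format, the `solve`/`verify`/`ChallengeServer` names and the difficulty values are assumptions.

```python
import hashlib
import os

# Constructed example: the server issues a random challenge; the client must find
# a counter such that SHA-256(challenge ":" counter) starts with `difficulty_bits`
# zero bits. Expected client cost is about 2**difficulty_bits hashes; server cost is one.


def _leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def _digest(challenge: str, counter: int) -> bytes:
    return hashlib.sha256(f"{challenge}:{counter}".encode()).digest()


def solve(challenge: str, difficulty_bits: int) -> int:
    """Client side: brute-force a counter that meets the difficulty."""
    counter = 0
    while _leading_zero_bits(_digest(challenge, counter)) < difficulty_bits:
        counter += 1
    return counter


def verify(challenge: str, counter: int, difficulty_bits: int) -> bool:
    """Server side: one hash, constant cost regardless of difficulty."""
    return _leading_zero_bits(_digest(challenge, counter)) >= difficulty_bits


class ChallengeServer:
    """Tracks issued challenges so a solution cannot be replayed or precomputed."""

    def __init__(self, difficulty_bits: int):
        self.difficulty_bits = difficulty_bits
        self.outstanding = set()

    def issue(self) -> str:
        challenge = os.urandom(16).hex()   # unpredictable, so work cannot start early
        self.outstanding.add(challenge)
        return challenge

    def redeem(self, challenge: str, counter: int) -> bool:
        if challenge not in self.outstanding:
            return False                    # never issued, or already spent
        self.outstanding.discard(challenge) # one attempt per challenge, success or not
        return verify(challenge, counter, self.difficulty_bits)
```

Two caveats a deployment needs: the challenge must be random and single-use (otherwise the work is done once and replayed), and outstanding challenges should expire, which this example omits for brevity.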
Identity Binding
- Stale sessions
bq. “If your application allows users to be logged in for long periods of time
ensure that controls are in place to revalidate a user’s authorization to a
resource. For example, if Bob has the role of “Top Secret” at 1:00, and at
2:00 while he is logged in his role is reduced to Secret he should not be able
to access “Top Secret” data any more.” — http://www.owasp.org/index.php/Guide_to_Authorization
- how the user authenticated matters: for instance, ‘logged in by cookie’ << ‘logged in by password’ (a session resumed from a remember-me cookie deserves less trust than one just established with a password)
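Both points under Identity Binding, revalidating authorization against the current role rather than the one captured at login, and ranking sessions by how they were authenticated, can be implemented together. This is an added example, not the page's or OWASP's code: the role names, the clearance ordering, the `authorize` function and the 15-minute freshness window are assumptions.

```python
from dataclasses import dataclass

# Constructed example. The session deliberately does NOT cache the user's role;
# every authorization decision reads the live role store, so Bob's downgrade from
# "top_secret" to "secret" at 2:00 takes effect on his next request.
CLEARANCE = {"public": 0, "secret": 1, "top_secret": 2}   # assumption
AUTH_STRENGTH = {"cookie": 0, "password": 1}              # 'by cookie' << 'by password'
PASSWORD_FRESHNESS_SECONDS = 15 * 60                      # assumption


@dataclass
class Session:
    user: str
    auth_method: str        # how this session was established: "cookie" or "password"
    authenticated_at: float # unix timestamp of that authentication


# The live role store: what an administrator edits when a user is downgraded.
role_store = {"bob": "top_secret"}


def authorize(session: Session, resource_clearance: str, now: float, roles=None) -> bool:
    """Decide whether `session` may access a resource of `resource_clearance` at time `now`."""
    if roles is None:
        roles = role_store
    # 1. Revalidate against the current role, never against a role stored in the session.
    current_role = roles.get(session.user)
    if current_role is None:
        return False
    if CLEARANCE[current_role] < CLEARANCE[resource_clearance]:
        return False
    # 2. The most sensitive data additionally demands a strong, recent authentication:
    #    a session resumed from a remember-me cookie, or a password login that is an
    #    hour old, must re-authenticate first.
    if resource_clearance == "top_secret":
        if AUTH_STRENGTH[session.auth_method] < AUTH_STRENGTH["password"]:
            return False
        if now - session.authenticated_at > PASSWORD_FRESHNESS_SECONDS:
            return False
    return True
```

Reading the role store on every request costs a lookup, which is the price of not having stale sessions; caching it with a short TTL is a middle ground, but the TTL then bounds how long a revoked privilege keeps working.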