Since the process of establishing a Passport identity does not include any authorization for access to participating sites or resources, the Passport authentication scheme should be assigned a relatively low protection level. We recommend using Passport authentication for personalization, and enforcing an authentication scheme with a higher protection level for sensitive resources. For example, Passport users could be authenticated, and their identities established using a SiteMinder protection level of 1. When the users request sensitive financial information, they might be forced to reauthenticate using an HTML forms authentication scheme with a protection level of 10.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |