
Hey kuasha!

That sounds interesting. How would you implement that on an API level in a good way? I mean, the client applications will most probably do automatic transactions all the time.

Are you thinking something like time-based sessions, which you have to authenticate on both ends - with a PK?



2FA can use a smart card. A device with TPM capability may work as a virtual smart card. This video is interesting: http://www.youtube.com/watch?v=QmTpdZAC4_s

But yes, I have to admit, for an API, this may be overkill.


So you would implement something like a virtual smart card on the client application end, which then communicates with the API on our end and authenticates?

I also think this might be a bit overkill - maybe something for real enterprise apps... :-)

But it's a cool thought!

Thanks for sharing!



