Monday, June 23, 2008

Physician, heal thyself

Microsoft's HealthVault will accept 2 factor based OpenID authentication from an outside OP, but doesn't expect the same level of assurance from its own in-house authentication system.

What are the other factors that somehow balance out the 'assurance equation'?

The SSO protocol used, i.e. OpenID vs LiveID? Identity proofing? Insurance?

No comments: