#1947 [RFE] Add functionality to IPA to act as a central authentication authority in the enterprise
Closed: wontfix 5 years ago Opened 12 years ago by dpal.

Prerequisites: Two people that belong to the same company need to authenticate each other to make sure that the peer is the one who he claims to be. It is assumed that both have access to the internet at the time of the authentication - some sort of device other than a phone is required.
They might not have access to the corporate network but they have access to the network and they have a device (a smart phone) that can be used to connect to the validation service (in this case the corporate validation service needs to be exposed outside the firewall).

The schemes can be different but they should be simple to perform.

Operation should not be time consuming.

The validation should be instantly available to the challenging peer.

The validation can be used to validate peer identity in the following communications:
- phone conversation
- email exchange
- chat room
- P2P messaging

The validation scheme should be flexible enough to accommodate different credentials that can be used to prove the authenticity of the peer:
- Password
- OTP code
- Certificate
- PGP key
- SSH key
etc.

Actors: Challenger and person being challenged

Flow (both online and can access validation service):
- A challenger interacts with the challenging service and receives the challenge.
- He then passes this challenge to the person being authenticated
- Person combines the challenge and his credential and authenticates against the validation service
- Validation service performs validation
- Validation service notifies the challenger with the results.

The validation service can be offline but challenger can be online. In this case:
- A challenger interacts with the challenging service and receives the challenge.
- He then passes this challenge to the person being authenticated
- Person combines the challenge and his credential and uses mobile app
- The resulting generated code is given (verbally for example) to challenger
- Challenger sends code to the validation service
- Validation service performs validation
- Validation service notifies the challenger with the results.

There is probably a way to do this when the challenger is offline, but that might actually be harder, so I want to defer this use case for now.
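
The two flows above, as an added illustration that is not part of the ticket and not FreeIPA code: a constructed toy validation service that issues a short-lived challenge bound to the challenger and to the claimed identity, a `generate_code` routine standing in for the challenged person's credential plus mobile app (HMAC-SHA256 over the challenge, truncated to six digits the way HOTP truncates its tag), and a `validate` call that serves both flows, since the only difference between them is whether the challenged person or the challenger submits the code. The secret, names, code length and 120-second challenge lifetime are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL_SECONDS = 120  # assumed lifetime of a challenge
CODE_DIGITS = 6              # assumed code length: short enough to read aloud


def generate_code(secret: bytes, challenge: str, digits: int = CODE_DIGITS) -> str:
    """Computed by the person being challenged (or their mobile app).

    The enrolled credential is combined with the challenge through HMAC-SHA256
    and the tag is truncated to a short decimal code, reusing the dynamic
    truncation scheme of HOTP (RFC 4226).
    """
    tag = hmac.new(secret, challenge.encode("ascii"), hashlib.sha256).digest()
    offset = tag[-1] & 0x0F
    number = int.from_bytes(tag[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(number % (10 ** digits)).zfill(digits)


class ValidationService:
    """Constructed stand-in for the central validation service (not FreeIPA code)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._secrets = {}       # user -> enrolled secret
        self._challenges = {}    # challenge -> {challenger, user, issued_at, used}
        self.notifications = []  # (challenger, user, ok, reason), delivered to challengers

    def enroll(self, user: str, secret: bytes) -> None:
        self._secrets[user] = secret

    def issue_challenge(self, challenger: str, claimed_user: str) -> str:
        """Step 1: the challenger obtains a fresh challenge bound to the claimed identity."""
        challenge = secrets.token_hex(4)  # 8 hex characters, easy to pass along verbally
        self._challenges[challenge] = {
            "challenger": challenger,
            "user": claimed_user,
            "issued_at": self._clock(),
            "used": False,
        }
        return challenge

    def validate(self, challenge: str, claimed_user: str, code: str) -> tuple[bool, str]:
        """Steps 4-5: check the code, then notify the challenger of the outcome.

        Serves both flows from the ticket: in the online flow the challenged
        person submits the code directly; when the service was unreachable for
        them, the challenger relays the code that was read out to them. Either
        way the result goes to the challenger recorded at issue time.
        """
        record = self._challenges.get(challenge)
        if record is None:
            return False, "unknown challenge"
        ok, reason = self._check(record, challenge, claimed_user, code)
        record["used"] = True  # one attempt per challenge, whatever the outcome
        self.notifications.append((record["challenger"], claimed_user, ok, reason))
        return ok, reason

    def _check(self, record, challenge, claimed_user, code):
        if record["used"]:
            return False, "challenge already used"
        if self._clock() - record["issued_at"] > CHALLENGE_TTL_SECONDS:
            return False, "challenge expired"
        if record["user"] != claimed_user:
            return False, "challenge was issued for a different identity"
        secret = self._secrets.get(claimed_user)
        if secret is None:
            return False, "unknown user"
        expected = generate_code(secret, challenge)
        if not hmac.compare_digest(expected, code):
            return False, "code mismatch"
        return True, "ok"


def run_flows() -> list:
    """Walk through both flows with constructed identities and secrets."""
    service = ValidationService()
    alice_secret = b"constructed-secret-for-alice"
    service.enroll("alice", alice_secret)

    # Flow 1: Bob (challenger) gets a challenge, Alice submits her code herself.
    challenge = service.issue_challenge("bob", "alice")
    service.validate(challenge, "alice", generate_code(alice_secret, challenge))

    # Flow 2: Alice's app cannot reach the service; she reads the code to Bob,
    # who submits it on her behalf.
    challenge = service.issue_challenge("bob", "alice")
    spoken_code = generate_code(alice_secret, challenge)
    service.validate(challenge, "alice", spoken_code)

    return service.notifications


if __name__ == "__main__":
    for challenger, user, ok, reason in run_flows():
        print(f"{challenger} <- {user}: {'verified' if ok else 'REJECTED'} ({reason})")
```

The checks in `_check` are the part worth keeping whichever credential type backs `generate_code`: a challenge is single-use and expires, so a code overheard on the phone cannot be replayed later; it is bound to the claimed identity, so a code obtained for one person cannot be presented as proof for another; and the comparison is constant-time.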


Metadata Update from @dpal:
- Issue assigned to rcritten
- Issue set to the milestone: Tickets Deferred

7 years ago

Thank you for taking the time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago
