Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 5:22 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Wed Sep 24, 2008 10:33 pm 
Offline
User avatar

Joined: Wed May 07, 2008 5:25 pm
Posts: 110
Location: Sunnyvale, California
Many corporate types keep telling us Yubikey has to support OATH otherwise they won't adopt it. That adds more cost to Yubikey due to the memory and CPU power required. I wonder what do you think.

* Do you hear people asking you for OATH when you demo Yubikey to them?

* Is Yubikey+OATH nice-to-have or must-have in your use case?

Thanks for comments

:?: Paul

_________________
The YubiKey Server Guy


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Sep 25, 2008 1:48 pm 
Offline

Joined: Sat Sep 20, 2008 7:09 pm
Posts: 6
For a few weeks I've been thinking about how to sell the Yubikey to an enterprise (specifically the one I work for). One challenge I see is the lack of a "enterprise grade" authentication server. What I mean by that is redundant systems so that if a auth server were to crash, or a facility where one is housed were to become unavailable, there would still be one or more backup authentication server available. Further, if anything were to go wrong with the server, there is an expectation that we have a support contract with the vendor.

So that leads to this question: would it be easier to modify the Yubico validation server to support multiple servers, replicated back end data, load balancing and to provide support contracts, or to release a new Yubikey OATH model that can use an existing "enterprise" OATH server? While the OATH authentication server market doesn't appear to be crowed, I think I've found one or two that attempt to meet those requirements.

Moved ECC comment to ECC thread viewtopic.php?p=715#p715


Top
 Profile  
Reply with quote  
PostPosted: Mon Sep 29, 2008 10:37 pm 
Offline
User avatar

Joined: Wed May 07, 2008 5:25 pm
Posts: 110
Location: Sunnyvale, California
geoff wrote:
For a few weeks I've been thinking about how to sell the Yubikey to an enterprise (specifically the one I work for). One challenge I see is the lack of a "enterprise grade" authentication server. What I mean by that is redundant systems so that if a auth server were to crash, or a facility where one is housed were to become unavailable, there would still be one or more backup authentication server available. Further, if anything were to go wrong with the server, there is an expectation that we have a support contract with the vendor.


I think that's more of an deployment & operational issue. I've been thinking about adopting the Nagios monitoring framework for Yubico's validation server, beside putting a load balancer to front the traffic from the net when the traffic grows.

geoff wrote:
So that leads to this question: would it be easier to modify the Yubico validation server to support multiple servers, replicated back end data, load balancing and to provide support contracts, or to release a new Yubikey OATH model that can use an existing "enterprise" OATH server? While the OATH authentication server market doesn't appear to be crowed, I think I've found one or two that attempt to meet those requirements.


Good ideas! Add them into the todo list of Yubico's open-sourced Java and PHP validation servers:

http://code.google.com/p/yubikey-val-server-php/

http://code.google.com/p/yubikey-server-j/

_________________
The YubiKey Server Guy


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group