Session and token-based authentication has long been in play for web services. Could a similar solution be utilized in enterprise logins for operating systems? Rather than utilizing password schemes, would it be possible to have a checkout system to perform certain tasks? For example, rather than having an individual with an administrative account and their own login process, could they not utilize a token or single sign-on session to check out certain privileges and utilize them for a period of time? Consider these questions and then write your initial post, responding to the following:
- Research the feasibility of the described implementation. Do you think such a scenario is feasible? Why or why not?
- Is there a way to appropriately safeguard administrative sign-on processes and user sign-on processes outside of single sign-on and smartcard\biometric multifactor authentication?
No APA Format
Citations and references required