Open Stack

Monday, June 8, 2015 07:10, Adam Young wrote:
> 2.  Delegation are long lived affairs.  If anything is going to take
> longer than the duration of the token, it should be in the context of a
> delegation, and the user should re-authenticate to prove identity.

Requiring re-authenticating to perform many tasks that involves delegation (a distinction that users don't understand, or care to) is a sure way to convince users to use short and weak passwords. Please, no.