Customers are not employees. Trying to extend governance to
their IT assets is like herding cats. Everybody will have different
systems, different degrees of understanding of computer usage,
different habits, different expectations. The first provisioning of
the certificate can be challenging, given the number of things
that can go wrong during acquisition and installation; renewal
and maintenance are an outright nightmare, and roaming
access is a challenge. As we discuss in the section "The Babel of
Web User Interfaces," certificates and their management are not
concepts we can hope the user is familiar with. If you want to
use them in a consumer-facing application, be prepared to reinforce
the headcount of your call center and train your IT staff to
twist your processes for accommodating all sorts of unforeseen
exceptions. These are all good reasons why, regardless of how
good the system is from the cryptographic standpoint, encountering
a website taking advantage of SSL client authentication
remains a fairly infrequent experience. As a result, the method is
largely unknown to the majority of end users.
Hard Tokens
The key difference between client certificate management in the
corporate environment and in external customer-facing applications
is in the degree of control that an authority can hope to
exercise on the client machine.