Subject: Discussion list for Belenios
List archives
- From: Stéphane Glondu <stephane.glondu AT inria.fr>
- To: belenios-discuss <belenios-discuss AT inria.fr>
- Subject: [belenios-discuss] Revisiting voter authentication
- Date: Tue, 20 Apr 2021 11:43:58 +0200
Hello,
Currently, when one selects passwords for voter authentication (which is most of the time), each voter receives two similar-looking e-mails: one with the credential and one with a password. This has been reported as confusing. Moreover, it is difficult to explain that the password can be regenerated, but not the credential (which play different roles in the protocol).
Therefore, I've been thinking about a new system that would confuse people less while retaining interesting security properties. What I came up with is a radical change in user experience, so I'm writing this message to gather feedback from the community.
In this new system, the voter receives a single e-mail prior to the election, the one with the credential. This e-mail is sent by the credential authority. When the election is open, the voter enters his/her credential, and votes as usual... but when it is time to authenticate, he/she would just enter his/her username, and wait for an e-mail sent by our server with a validation code that the voter would enter in the web interface in order to continue.
The new system has been implemented in the development branch. You can test it on the beta instance:
https://belenios.loria.fr/beta/admin
When creating an election, in the first screen, select "email (imported from server)" as authentication mechanism. Be aware that this instance is... beta! (i.e. do not use it for actual elections!)
We are considering removing altogether the password-based authentication for voters, because we do not see any more benefit in it. It would survive a few more releases, and still be activatable with configuration but not enabled on our main instance... unless someone has a compelling reason for keeping it.
By the way, this plan does not remove the possibility to authenticate voters with CAS (or OpenID Connect in the development branch), in which case no e-mail is sent in the authentication phase.
Cheers,
--
Stéphane
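The authentication step described in the message above (username in, validation code mailed out, code typed back), as an added server-side sketch in Python that is not Belenios code: the 15-minute validity window, the 5-guess cap, the `secret` key, the `send_mail` hook and the caller-supplied voter address are all assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL = 15 * 60      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5        # guesses allowed before the code is discarded (assumed)


@dataclass
class PendingCode:
    digest: bytes       # keyed hash of the code; the clear code is never stored
    issued_at: float
    attempts: int = 0


class EmailCodeAuth:
    """E-mail validation-code step: one live code per username, single use."""

    def __init__(self, send_mail, secret: bytes, clock=time.time):
        self.send_mail = send_mail   # hypothetical mail hook: send_mail(address, code)
        self.secret = secret         # server-side key, so a leaked table reveals no codes
        self.clock = clock
        self.pending: dict[str, PendingCode] = {}

    def _digest(self, code: str) -> bytes:
        return hmac.new(self.secret, code.encode(), "sha256").digest()

    def request_code(self, username: str, address: str) -> None:
        """Voter typed a username; mail a fresh 6-digit code to the address on file."""
        code = f"{secrets.randbelow(10**6):06d}"          # CSPRNG, fixed width
        # A new request replaces any earlier code, so at most one code is live.
        self.pending[username] = PendingCode(self._digest(code), self.clock())
        self.send_mail(address, code)

    def verify(self, username: str, code: str) -> bool:
        """Check the code the voter entered: time-limited, attempt-capped, single use."""
        entry = self.pending.get(username)
        if entry is None:
            return False                                  # nothing pending (or already used)
        if self.clock() - entry.issued_at > CODE_TTL:
            del self.pending[username]                    # expired: voter must request again
            return False
        entry.attempts += 1
        if entry.attempts > MAX_ATTEMPTS:
            del self.pending[username]                    # too many guesses: discard the code
            return False
        if not hmac.compare_digest(entry.digest, self._digest(code)):
            return False                                  # wrong code; the attempt is counted
        del self.pending[username]                        # success: code consumed
        return True
```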