by bloppe 698 days ago
Seems like this hot take is coming with a very specific use case in mind. I could see a company wanting fine grained control over how its employees access their privileged employee accounts. I'm not sure attestation needs to be in the spec for that, but I can see why some companies might want it in the spec for that. Ideally they would just have the right mix of policies, incentives, and culture to make sure none of the employees are grossly negligent about security.

Their customers' accounts, on the other hand, are a different story. They should have freedom to choose. Companies that try to restrict that freedom should be punished in the market, or, in cases of monopoly, by the FTC. I suppose that doesn't mean it definitely shouldn't be an option in the spec, though.


Even for companies, attestation isn't necessary. If your employer wants to make sure that your VPN passkey is really on a YubiKey, then they should generate it on it for you before they give it to you.