Authentication

What is Authentication?

verifying who you are

What is Knowledge based Authentication?

something you know such as a password, passphrase, or personal

identification number (PIN)

What is Ownership based Authentication?

something you have such as a smart card, key, badge, or token

Characteristics Authentication Mechanism

some attribute that is unique to you such as biometrics your fingerprints, retina, or signature

Location Authentication Mechanism

somewhere you are, the physical location while accessing resource

Action Authentication Mechanism

something you do or how you do it such as typing pattern

Synchronous token

Calculates a number at both the authentication server and the device, can be time or event based

Asynchronous token

usb token, smart card, memory cards

Static Measures

physiological, what you are

Dynamic Measures

behavioral, what you do

Concerns surrounding Biometrics

Accuracy, reaction time, and acceptability

Single sign-on (SSO)

A strategy that allows users to sign on to a computer or network once, their identification and authorization credentials allow them into all computers and systems where authorized

Federated access

enabling a user to log on only once to a network and then access multiple systems or applications on the same or different networks

Identity Federation

describe the technology, standards, policies, and processes that allow an organization to trust digital identities, identity attributes, and credentials created and issued by another organization

OpenID

An open standard that allows users to be authenticated by certain cooperating sites (relying parties) using a third party service

OIDF

OpenID Foundation is an international nonprofit organization of individuals and companies committed to enabling, promoting, and protecting OpenID technologies

ICF

Information Card Foundation is a nonprofit community of companies and individuals working together to evolve the Information Card ecosystem

OITF

Open Identity Trust Framework is a standardized, open specification of a trust

framework for identity and attribute exchange, developed jointly by OIDF and IC

OIX

Open Identity Exchange Corporation is an independent, neutral, international

provider of certification trust frameworks conforming to the OITF mode

AXN

Attribute Exchange Network is an online Internet-scale gateway for identity

service providers (party who issues the credential) and relying parties (who

accepts a digital identity credential) to efficiently access user asserted,

permissioned, and verified online identity attributes in high volumes at affordable

costs

OAUTH 2.0

an open-standard authorization protocol or framework that provides applications the ability for “secure designated access”

What are the four roles defined in OAuth 2.0?

Resource owner, client, resource server, authorization server

OAuth

It is a protocol designed to verify the identity of an end-user and grant permissions to a third party, results in a token

OpenID Connect (OIDC)

an authentication protocol for authenticating a user is who they say the are, currently supported by many popular web services, including Google, Paypal, Microsoft and Amazon

Certificate Authority (CA)

trusted third party that issues digital certificates

X.509

bind an identity to a public key using a digital signature

Public-Key Infrastructure (PKI)

The set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography

Kerberos

supports a large breadth of function, including single sign-on (SSO) implementations, and serves as the go-to authentication protocol for websites

Benefits of Kerberos

mature, meets modern distributed system requirements, architecturally sound, and is integrated into popular operating systems

Problems with Kerberos

performance