[security-dev] Multi Stage Authentication

Anil Saldhana Anil.Saldhana at redhat.com
Fri Jan 25 11:47:16 EST 2013


Hi All,
   I have been thinking about the multi stage authentication process 
that Bill has been mentioning.  Basically, the discussions have been 
confusing between multi mechanism authentication vs multi stage 
authentication.

In multi mechanism authentication, the framework needs to support 
multiple authentication mechanisms such as Credential, X509, OTP, Custom 
etc, given different entry points into the application -> browser, 
mobile, REST etc.

In multi stage authentication, the framework needs to provide hooks to 
define the stages in a complex authentication process for high risk 
applications such as banking, credit etc.

Some of the stages are highlighted here:
    credential ------> Knowledge based authentication (Questions and Answers) ------> Index Page
    credential ------> KBA ------> Mobile SMS Code ------> Money Transfer Page
    credential ------> OTP ------> Index Page
    credential ------> Index Page ------> OTP ------> Money Transfer Page

Generically:
    stage1 ------> stage2 ------> Resource

So if there is an application developer who wishes to incorporate stages 
into the authentication process, he can use the IDM underneath to hold 
the state of the stages, and will need hooks to define the 
authentication type for each stage.

Thoughts?

Regards,
Anil
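The per-resource stage chains sketched above, as an added worked example (not code from the mail or from any framework): a constructed policy maps each resource to its ordered stages, the session object stands in for the stage state the IDM would hold, and a stage is only counted when it is the one the chain currently expects. The user record, stage names and resource names are constructed for the demonstration.

```python
import hmac
from dataclasses import dataclass, field

# Constructed demo user record; a real deployment would keep this in the IDM.
USER_RECORD = {
    "alice": {"credential": "s3cret", "kba": "rover", "sms_code": "482913"},
}

# Stage chain per protected resource (constructed policy mirroring the mail).
# A stage only counts once every stage before it in the chain has been passed.
STAGE_POLICY = {
    "index": ["credential", "kba"],
    "money_transfer": ["credential", "kba", "sms_code"],
}


@dataclass
class AuthSession:
    """Per-session stage state; the IDM would hold this between requests."""
    user: str
    passed: list = field(default_factory=list)


def next_stage(session, resource):
    """Return the next stage still required for `resource`, or None if none remain."""
    for stage in STAGE_POLICY[resource]:
        if stage not in session.passed:
            return stage
    return None


def verify_stage(session, resource, stage, proof):
    """Check `proof` for `stage`; only the stage the chain currently expects is accepted."""
    if stage != next_stage(session, resource):
        return False  # out-of-order, unknown or already-passed stage: not counted
    expected = USER_RECORD.get(session.user, {}).get(stage)
    if expected is not None and hmac.compare_digest(expected.encode(), proof.encode()):
        session.passed.append(stage)
        return True
    session.passed.clear()  # a failed stage restarts the whole chain
    return False


def can_access(session, resource):
    """True once every stage the resource requires has been passed, in order."""
    return next_stage(session, resource) is None
```

A session that has passed credential and KBA reaches the index page but is still asked for the SMS code when it moves to the money transfer page, which is the step-up behaviour the fourth flow above describes.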

