Re: [keycloak-dev] Adaptive risk login

On Aug 28, 2016 7:56 AM, "Thomas Darimont" <thomas.darimont(a)googlemail.com&gt; wrote: > > Hello group, > > I just add a look at a nice feature from Forge Rock AM called: > "Adaptive risk login". Adaptive risk was really popular around 2010 as a multi-factor without a token. Mainly banks didnt want to hand out rsa secureid tokens. They used a bunch of factors like your flash version, source IP, etc. It turned out to be more trouble then it's worth. Between the ease of creating soft tokens like totp and the popularity of VPNs the adaptive risk approach proved to be mostly pointless. The amount of statistical data needed to make these decisions useful, and the amount of skill needed to configure was outweighed by simpler multi factor implementations. Oracles adaptive access manager, the most notable enterprise adaptive access manager, was merged into Oracle access manager mainly for the couple of alternative login methods but the adaptive part has disappeared. My guess is this was a "me too"/checkbox feature. I've done several forgerock implementations and this comes up as a theoretical discussion but never goes beyond that. I've seen a few machine learning based approaches to authentication but they go well beyond tracking a risk score, more behavior tracking stuff. The couple I've seen end up integrating via saml or oidc anyways so there wouldn't be much to do on the kc side. _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev