[security-dev] Multi Stage Authentication
Anil Saldhana
Anil.Saldhana at redhat.com
Fri Jan 25 11:47:16 EST 2013
Hi All,
I have been thinking about the multi stage authentication process
that Bill has been mentioning. Basically, the discussions have been
confusing multi mechanism authentication with multi stage
authentication.
In multi mechanism authentication, the framework needs to support
multiple authentication mechanisms such as Credential, X509, OTP, Custom,
etc., given the different entry points into the application -> browser,
mobile, REST, etc.
In multi stage authentication, the framework needs to provide hooks to
define the stages in a complex authentication process for high risk
applications such as banking, credit etc.
Some of the stages are highlighted here:
credential ------> Knowledge based authentication (Questions and Answers) ------> Index Page
credential ------> KBA ------> Mobile SMS Code ------> Money Transfer Page
credential ------> OTP ------> Index Page
credential ------> Index Page ------> OTP ------> Money Transfer Page
Generically:
stage1 -------> stage2 -------------> Resource
So if there is an application developer who wishes to incorporate stages
into the authentication process, he can use the IDM underneath to hold
the state of the stages, and will also need hooks for defining the
authentication type for each stage.
Thoughts?
Regards,
Anil
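As an added illustration of the "stage1 -> stage2 -> Resource" idea above (example code, not PicketLink or any IDM's own), this maps each resource to the ordered chain of stages it requires and keeps per-session state of which stages were completed; resource paths and stage names are assumptions. It also enforces chain order, so a later factor completed before an earlier one does not count.

```python
# Added example (not project code): minimal multi-stage authentication policy.
from dataclasses import dataclass, field
from typing import Optional

# Required stage chain per protected resource, following the mail's diagrams.
# Paths and stage identifiers are assumptions for this example.
STAGE_POLICY = {
    "/index": ["credential"],
    "/money-transfer": ["credential", "kba", "sms_code"],
}


@dataclass
class AuthSession:
    """State the IDM would hold: stages this session completed, in order."""
    completed: list = field(default_factory=list)

    def complete(self, stage: str) -> None:
        # Record each stage once; order of first completion is what matters.
        if stage not in self.completed:
            self.completed.append(stage)


def next_required_stage(session: AuthSession, resource: str) -> Optional[str]:
    """Return the next stage the session must complete before `resource`
    may be served, or None if the whole chain is already satisfied.

    Stages must be completed in chain order: a stage finished before its
    predecessor is ignored, so presenting a later factor first (e.g. an SMS
    code before the credential) cannot skip an earlier stage.
    """
    chain = STAGE_POLICY.get(resource)
    if chain is None:
        # Assumption: unknown resources still require at least a login.
        return "credential"
    search_from = 0
    for stage in chain:
        try:
            # Only accept a completion that happened after the previous stage.
            idx = session.completed.index(stage, search_from)
        except ValueError:
            return stage
        search_from = idx + 1
    return None
```

A session that has only completed the credential stage is served `/index` but is redirected to `kba` for `/money-transfer`, which matches the step-up flow (credential -> Index Page -> further stages -> Money Transfer Page) in the diagrams.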