Archive for the Federation Category

Strong Authentication

Lately, I have been pondering strong authentication again.

The company I work for uses RSA tokens. I find these quite nice in that they really are a decent form of two-factor authentication. The real problem here is simply cost and management. Tokens work well if you have tons of money to purchase them. So, enter the soft-token. They are nice, and we have used them for a while now. The real problem here is that they are still just as hard to manage as the hardware tokens, if not harder, since you have to manage that software on whatever device it is living on.

I have seen other forms of tokens, like the “bingo-card” as I call it, that looks like a bingo card and is technically cheaper than the RSA solution.

Also, there are a ton of vendors in the two-factor token market nowadays, so pricing pressure is causing most vendors to lower their prices.

I do think biometrics have a place in the world, but I think the logistics surrounding them, and the general ambiguity of the technology, make it hard to implement for an enterprise.

So, I was wondering (if anyone still reads this blog lol) if anyone has any experience with things other than tokens and biometrics? Or, if anyone has run across anything bizarre that might be of interest to someone looking to change the way authentication is viewed.

When I think of authentication, I tend to think of it from three aspects, or three types (there certainly are more).

1 - simple authentication that verifies your identity and that's it. Like a username and password combination that simply allows you access to something.

2 - role based access after authentication. I suppose this is really authorization after the authentication piece.

3 - graded authentication that allows you access to resources of some type based on how you authenticated to something.

This third type is the type I have recently been focusing on. What I find strange (well, maybe not strange, but annoying really) is that outside of two-factor and biometric (well, I guess there is out of band, like a cell-phone type of thing), there really hasn’t been a lot of change in this space. I know some vendors will disagree with me, and tell me that their out of band stuff, like doing verifications at a cell phone, or calling a person back after authenticating, is an advance, but I really see that as an incremental kind of thing. I also see this approach as a limited one, since it relies on something that some people may not have.
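To make the third type concrete, here is an added example (my own illustration, not code from this post) of a graded-authentication policy check that sits beside a role check, so the two can be told apart. The login method names, factor categories, resource paths, roles and minimum assurance levels are all assumed sample data. The point it shows is that the grade is computed from the categories of factors completed (password plus PIN is still single-factor; password plus OTP token is two-factor; smartcard plus PIN is hardware-backed two-factor), and that a role failure is reported as a final deny while an assurance shortfall is reported as a step-up request.

```python
"""Graded (step-up) authentication policy check.

Added illustration, not code from the original post. The method names,
resource paths and roles below are made-up sample data.
"""
from dataclasses import dataclass
from enum import IntEnum


class Assurance(IntEnum):
    """How much confidence the completed login gives us in the identity."""
    NONE = 0          # nothing completed
    SINGLE = 1        # one factor category, e.g. password only
    MFA = 2           # two different categories, e.g. password + OTP token
    HARDWARE_MFA = 3  # two categories, one of them hardware-bound (smartcard + PIN)


# Which factor category each login method belongs to (assumed mapping).
FACTOR_CATEGORY = {
    "password": "knowledge",
    "pin": "knowledge",
    "otp": "possession",       # RSA-style hardware or soft token
    "smartcard": "hardware",   # private key bound to a chip
    "fingerprint": "inherence",
}


def assurance_level(methods: set[str]) -> Assurance:
    """Grade a session by the *categories* of factors completed, not their count:
    password + PIN is still single-factor; password + OTP is two-factor."""
    # KeyError on an unknown method name is deliberate: fail closed.
    categories = {FACTOR_CATEGORY[m] for m in methods}
    if not categories:
        return Assurance.NONE
    if len(categories) == 1:
        return Assurance.SINGLE
    if "hardware" in categories:
        return Assurance.HARDWARE_MFA
    return Assurance.MFA


# Per-resource policy: roles allowed (authorization, type 2) and the minimum
# assurance required (graded authentication, type 3). Sample data only.
RESOURCE_POLICY = {
    "/wiki": ({"staff"}, Assurance.SINGLE),
    "/payroll": ({"hr", "finance"}, Assurance.MFA),
    "/admin": ({"admin"}, Assurance.HARDWARE_MFA),
}


@dataclass(frozen=True)
class Decision:
    status: str                           # "allow", "step_up" or "deny"
    required: Assurance = Assurance.NONE  # level to reach when status == "step_up"
    reason: str = ""


def authorize(roles: set[str], methods: set[str], resource: str) -> Decision:
    """Combine the role check with the graded-authentication check.

    Role failures are final: logging in more strongly would not help, so they
    must never be surfaced as a step-up prompt. Only when the role fits and
    the session is merely too weak do we ask for a stronger login.
    """
    policy = RESOURCE_POLICY.get(resource)
    if policy is None:
        return Decision("deny", reason="unknown resource")
    allowed_roles, minimum = policy
    if roles.isdisjoint(allowed_roles):
        return Decision("deny", reason="role not permitted")
    current = assurance_level(methods)
    if current >= minimum:
        return Decision("allow")
    return Decision("step_up", required=minimum,
                    reason=f"session at {current.name}, resource needs {minimum.name}")


if __name__ == "__main__":
    # Sample sessions: an HR user with password only, then after adding an OTP,
    # then an admin who logged in with smartcard + PIN.
    print(authorize({"hr"}, {"password"}, "/payroll"))
    print(authorize({"hr"}, {"password", "otp"}, "/payroll"))
    print(authorize({"admin"}, {"smartcard", "pin"}, "/admin"))
```

Ordering the checks this way matters: if the step-up prompt were issued before the role check, a user without the role would be pushed through a stronger login only to be denied anyway, and the prompt itself would leak that the resource exists.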

There has been the cardspace/id card stuff that allows people to identify themselves in a “card” on their client that is then presented to a website for authentication. This I suppose I do find compelling since it at least is somewhat interesting to me. But, to date it really hasn’t caught on much.

Smartcards are neat, since they are typically cheaper than a token, but I have found that to really do anything strong with them, you still require a password of some kind.

Well, sorry for the rant; I was just sort of brain-dumping on the blog… Authentication has been top of mind for me lately, and really, I am astounded at how far we haven’t come.
