Versions Compared

Old Version 20

changes.mady.by.user Jim Jokl (virginia.edu)

Saved on

compared with

New Version 21

changes.mady.by.user Jim Jokl (virginia.edu)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Higher Education environments are rarely able to rely on a single authentication service or technology to meet all needs. Different business processes often have differing requirements for the overall strength of authentication. For example, campus authentication processes for user access to highly sensitive data are typically quite different from those applied when the same user authenticates to read email and access files stored in personal folders. Likewise, a single technical solution is rarely viable due to the differing strength requirements and, more importantly, the differing authentication assumptions made by application designers. It is still too often the case that the choice of authentication technology is effectively made by the application provider. A likely focus for the CIFER authentication effort will be a design that provides a single back-end support infrastructure that manages the user authentication credential lifecycle and provides, or integrates with, a variety of front-end user and application facing authentication services.

The key work for this effort will be to gain consensus on a a set of feature requirements for authentication services. Once this feature list is complete, we can move forward in a parallel process to:

  • Identify existing commonly-deployed open-source tools that provide all or some of the features needed
  • Analyze the available tools and determine the gaps between what is available and what CIFER needs
  • Specify core services that the authentication subsystem will need from other parts of CIFER.
Levels of Assurance

A fundamental underpinning for user authentication its reliance on the mapping between the physical individual and the identifier used to represent that individual in the electronic world, e.g., the user’s login-id. The Identity Proofing process used to perform this mapping and the documentation checked during the proofing process are some of the key factors that determine the Level of Assurance (LoA), i.e., the overall strength of the authentication process. Other important factors include the credential issuing process and credential maintenance services (e.g., password changes and reset).

...