What this is: At the August OSIdM4HE face-to-face in Chicago "Authentication" was identified as a significant "chunk" of an IAM system, but no team was formed to look at authentication-related requirements and gaps. This page collects some of these items anyway, since there are some important touchpoints with subsystems that are being worked on by dedicated teams, and there are some important requirements and gaps in authentication services that should be documented somewhere.
Authentication Functional Model
credentials
credential assignment
authentication service
credential store
password-based authentication
strong authentication, PKI, two-factor, hard tokens
web-based authentication
password management, key management
monitoring and risk-based authentication
assurance
authentication protocols
Commonly-used Authentication Service Components
MIT Kerberos, Heimdal
CAS, Shibboleth, simpleSAMLphp
OpenLDAP
(Active Directory)
Authentication System Requirements
...