What this is:  The OSIdM4HE work has identified "Authentication" as a significant element of an IAM system. Unlike the other areas, a team to look at authentication-related requirements and gaps is still to be convened.  This page collects some initial items in this area to invite further discussion and participation, and eventual formation of a subteam and workstream.

Authentication Functional Model Concepts

credentials

credential assignment

authentication service

credential store

password-based authentication

strong authentication, PKI, two-factor, hard tokens

web-based authentication

password management, key management

monitoring and risk-based authentication

assurance

authentication protocols

Commonly-used OS/HE Authentication Service Components

MIT Kerberos, Heimdal

CAS, Shibboleth, simpleSAMLphp

LDAP directory (OpenLDAP, etc.)

(Active Directory)

Authentication System Requirements / Gaps / Opportunities

password management:  change, reset, strength, policy, assurance

strong authentication:  2-factor, PKI

risk-based authentication:  monitoring, threat assessment, mitigation methods

mobile authentication:  OAuth, other?

process authentication:  PKI, OAuth, other?

social identity:  social2SAML webauth gateway

account linking

eduroam:  RADIUS, EAP

non-web federated authn
