What this is: The OSIdM4HE work has identified "Authentication" as a significant element of an IAM system. Unlike the other areas, authentication does not yet have a team convened to look at its requirements and gaps. This page collects some initial items in this area to invite further discussion and participation, and the eventual formation of a subteam and workstream.
Authentication Functional Model Concepts
account, subscriber
credentials, credential assignment, credential store
authentication service
authentication protocols
password-based authentication
strong authentication, PKI, two-factor, hard tokens
web-redirect-based authentication
password management, key management
monitoring and risk-based authentication
assurance
Commonly-used OS/HE Authentication Service Component Products
MIT Kerberos, Heimdal
CAS, Shibboleth, simpleSAMLphp
LDAP directory (OpenLDAP, etc.)
(Active Directory)
(anything in PKI? InCommon cert service?)
Authentication System Requirements / Gaps / Opportunities
password management: A collection of utilities dealing with password changing.
- web-based user password change: strength meter, dictionary checking, etc.
- web-based user forgotten-password reset:
strong authentication: 2-factor, PKI
risk-based authentication: monitoring, threat assessment, mitigation methods
mobile authentication: OAuth, other?
process authentication: PKI, OAuth, other?
social identity: social2SAML web authentication gateway
account linking
eduroam: RADIUS, EAP
non-web federated authn