Subject: RE: [security-services] New authentication method for One-Time Password?
Actually, Phill, I feel that although the physical hardware token may only be one of the factors, the relevant information about the authentication method is that it was a 2-factor authentication. Now there may be more specificity desired when evaluating the method, but that's probably true for the other currently defined methods. With a password authentication, I may very well want to know characteristics of the password (length, entropy, etc.). For X.509 certs, I may want to know the specific authn method a specific authentication was performed using the key (e.g. SPKI) - and of course we already provided some of those. For 2factor, I may want to know that it was a 2factor hardware token authentication, etc. But I at least need to know that it was a 2factor authentication.
I don't think we want to get into too many refinements of authentication methods at this point. Liberty Alliance is also doing this as part of their authentication profiles. MS is doing some of this in WS-License. But I do need to be able to distinguish the 2-factor "class" of authentication from a password class or an X.509 class.
Make sense? If so, I'd prefer to see something like 2FACTOR.
Thanks.
Rob Philpott
RSA Security Inc.
The Most Trusted Name in e-Security
Tel: 781-515-7115
Mobile: 617-510-0893
Fax: 781-515-7020
-----Original Message-----
When I spoke to Jeff I agreed to post the relevant document node to the list when I have drafted it. The main problem is working out the name for the #%#$^ thing.
I am currently favoring PersonalHardwareToken, which may be used to apply to any of the time-based tokens or challenge-response tokens in use. The term Token appears to me to be far too ambiguous (I find the GSSAPI specification impossible to read because it witters on about tokens at inordinate length); the essential issue here appears to be that the token is something carried, i.e. we are talking about a human authentication mechanism here.
Phill