...
- SURFnet Step-up Authentication-as-a-Service: A study of the architecture and processes.
Attachments patterns rapport.* The need for stronger forms of authentication is felt by Identity Providers (IdP) within the SURFconext federation. A business case analysis performed by SURFnet in Q2 2012 shows a clear need among SURFnet’s constituency to address this need by introducing a service in the SURFconext environment that offers strong authentication on top of the existing identity hosted by a user’s home institution. This report is a study of the architectural and procedural aspects of introducing such a service.
A number of current and near future use cases (described in Chapter 1) have emerged for which username/password is no longer sufficient. These use cases are in the areas of student information systems, administrative systems, and in collaborative research in which privacy sensitive and/or medical data is handled. The need for better authentication can be effectively addressed by introducing a SURFnet operated service (referred to as “SURFsure” in this report) offering technical and organisational assistance to the IdPs.
Handling different Levels of Assurance (LoA, the confidence relying parties can have in the authenticity of an identity) within a federation must be based on open and accepted standards. While some of these standards are still under development, it is already possible to make future-proof choices for standards defining the semantics and communication of the LoA. The SURFsure service architecture described in Chapter 2 supports the signaling of the LoA within the SURFconext federation while at the same time remaining loosely coupled to SURFconext.
...
- Information Security Guide: Effective Practices and Solutions for Higher Education: Two-Factor Authentication (2011)
About halfway through this document, one will find the Results from the 2011 Internet2/InCommon Survey on Campus Use of Two-Factor Authentication.
- Multifactor Authentication Approaches and Multifactor for InCommon Silver (2012)
Multifactor authentication (also referred to as two-factor authentication) adds another level of complexity and security to a password-only arrangement. Interest in multifactor continues to grow, as some federal agencies move in that direction. InCommon has added service offerings in this area, as well, and some schools now plan to use a second factor as a way to meet the requirements of the InCommon Silver Assurance Profile. Join our speakers to learn the basics about multifactor authentication, the pros and cons of different approaches to multifactor, and how one campus plans to use this approach for InCommon Silver
...
MFA Technologies and whitepapers
- Information Security Guide: Effective Practices and Solutions for Higher Education: Two-Factor Authentication (2011)
The first half of this document describes what two/multi-factor authentication is, and provides a reasonably extensive summary of all of the methods and technologies to providing additional authentication factors, including security tokens, smart cards, biometrics, and "second channel authentication - mobile phone-based" approaches.
...