Difference between revisions of "Authentication Providers"

From MgmtWiki
Jump to: navigation, search
(Providers)
(Providers)
(85 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
==Full Title or Meme==
 +
A list of the enterprises and standards providers of [[Identifier]] [[Authentication]].
 +
 +
==Context==
 +
On the [[Identity Management]] page different roles are defined for [[Entity|Entities]].
 +
 
==Providers==
 
==Providers==
 
The following table is the known authentication providers and some of their characteristics. Updates and corroboration are encouraged.
 
The following table is the known authentication providers and some of their characteristics. Updates and corroboration are encouraged.
 
*Category is "User" where user has complete control, "OpenID" for providers that require user permission to release information. The rest are closed in the sense that users have limited control over the release of their information. Some provide OpenID as an option when an alternate is shown.
 
*Category is "User" where user has complete control, "OpenID" for providers that require user permission to release information. The rest are closed in the sense that users have limited control over the release of their information. Some provide OpenID as an option when an alternate is shown.
 
+
*Some sites are not authenticators, like CA (certificate authorities) or OAuth (authorization).
 +
*Many more sites exist, some are listed on the [http://openid.net/certification/ OpenID certification page]. Auth0 may offload all their AuthN to Google.
  
 
{|border="1" padding="2" width="799px"
 
{|border="1" padding="2" width="799px"
Line 8: Line 15:
 
|-
 
|-
 
|AT&T || || Cloud|| First Responders
 
|AT&T || || Cloud|| First Responders
 +
|-
 +
|[https://www.airsidemobile.com/ Airside] || Canada || Cloud || mobile passport for entering US from Canada
 
|-
 
|-
 
|Alert Enterprise || || ||  
 
|Alert Enterprise || || ||  
 
|-
 
|-
|Auth0 || Bellevue, WA ||Google || [https://www.geekwire.com/2018/auth0-raises-55m-fuel-identity-management-companys-international-expansion/ Auth0 raises $55M to fuel the identity management company’s international expansion] 2018-05-15
+
|Auth0 || Bellevue, WA ||Google ||Certified OpenID [https://www.geekwire.com/2018/auth0-raises-55m-fuel-identity-management-companys-international-expansion/ Auth0 raises $55M to fuel the identity management company’s international expansion] 2018-05-15
 +
|-
 +
|Authen2cate|| || ||IDEF registered
 
|-
 
|-
 
|Amazon||Seattle||Closed||Mostly for ecommerce sites
 
|Amazon||Seattle||Closed||Mostly for ecommerce sites
 
|-
 
|-
|CA Technologies || || || SiteMinder  
+
|CA Technologies || ||Closed and OpenID || SiteMinder (SSO and API gateway is Certified OpenID) part of Broadcom
 
|-
 
|-
 
|Consentua || || || KI demo
 
|Consentua || || || KI demo
 
|-
 
|-
|Dell (RSA) || ||Secure ID ||  
+
|Dell (RSA) || ||[https://en.wikipedia.org/wiki/RSA_SecurID SecurID] || Patented original time-based [[One-Time Password Authenticator]], only they could provide [[Authentication]] server or code while on patent
 +
|-
 +
|Digicert|| Utah ||CA ||IDEF registered
 +
|-
 +
|DigiMe || || ||  KI [[Consent Receipt]] demo
 
|-
 
|-
|DigiMe || || Affinity|| KI demo
+
|ENTRUST|| || ||used by First tech CU and others
 
|-
 
|-
 
|Facebook|| ||  OpenID||
 
|Facebook|| ||  OpenID||
 
|-
 
|-
|Forge Rock || ||OpenID ||  
+
|Forge Rock || ||OpenID || Certified OpenID
 +
|-
 +
|Google|| ||OpenID||Certified OpenID FIDO WebAuthN https://myaccount.google.com/
 
|-
 
|-
|Google|| ||OpenID|| FIDO WebAuthN https://myaccount.google.com/
+
|[https://www.globalid.net/ Global ID] || SF || DIDs || [https://www.americanbanker.com/news/neither-mad-max-nor-orwell-id-startup-walks-a-fine-line VC funded]
 
|-
 
|-
|Gluu|| || ||  
+
|Gluu|| || || Certified OpenID
 
|-
 
|-
 
|IBM || ||Premise || IBM Cognos Series 7
 
|IBM || ||Premise || IBM Cognos Series 7
 
|-
 
|-
|Janrain|| || ||
+
|[http://identityserver.io/ Identity Server 4]||DE||OpenID or OAuth||Certified OpenID [https://github.com/identityserver also available as OSS]
 +
|-
 +
|ID.me|| || Affinity||IDEF registered
 +
|-
 +
|IDEMAI.COM|| || ||merger of Oberthur Technologies (OT) and Safran Identity & Security (Morpho) Augmented Identity is about using the biometric characteristics of each person as a unique signature of individual identity
 +
|-
 +
|[https://www.iwelcome.com/ iWelcome] || Europe||  || focus on [[User Consent]] and [[Privacy]]
 +
|-
 +
|Janrain|| || ||Certified OpenID but only for RP = purchased by Akamai 2019-01
 
|-
 
|-
 
|Mastercard || || || [https://medium.com/@oxfordsbs/digital-identity-the-system-restore-of-trust-803120d7d67 Digital Identity: The System Restore of Trust]
 
|Mastercard || || || [https://medium.com/@oxfordsbs/digital-identity-the-system-restore-of-trust-803120d7d67 Digital Identity: The System Restore of Trust]
Line 39: Line 64:
 
|Microfocus(NetIQ) || || ||  
 
|Microfocus(NetIQ) || || ||  
 
|-
 
|-
|Microsoft AD || || Cloud and Premise|| Also ADFS federation service
+
|Microsoft AD || || Cloud and Premise||Certified OpenID [https://msdn.microsoft.com/en-us/library/bb897402.aspx Also ADFS federation service]
 
|-
 
|-
|Microsoft Passport ||MSFT or Office||Closed OpenID||Started with Hotmail now covers most MSFT products
+
|Microsoft Passport ||MSFT or Office||Closed or OpenID||Started with Hotmail now covers most MSFT products - Confusing naming in part because of two separate authorities created with release of Office360
 
|-
 
|-
|MojeID||CZ||OpenID||
+
|MojeID||CZ||OpenID||Certified OpenID Will accept clients from anywhere in world
 +
|-
 +
|MorphoTrust eID|| || ||IDEF registered - now part of IDEMIA
 
|-
 
|-
 
|Okta || || || [https://www.cnbc.com/2017/06/07/okta-shares-rise-as-sales-top-estimates-in-first-report-since-ipo.html Okta shares rise as sales top estimates in first report since IPO 2017-07-07]
 
|Okta || || || [https://www.cnbc.com/2017/06/07/okta-shares-rise-as-sales-top-estimates-in-first-report-since-ipo.html Okta shares rise as sales top estimates in first report since IPO 2017-07-07]
Line 55: Line 82:
 
|Open Consent ||NY + UK || Sal + Mark || KI demo
 
|Open Consent ||NY + UK || Sal + Mark || KI demo
 
|-
 
|-
|Oracle || ||Premise Cloud ||  
+
|Oracle || ||Premise Cloud || Certified OpenID for federation services
 
|-
 
|-
|Ping Identity || SV || Premise OpenID ||
+
|Ping Identity || SV || Premise OpenID ||Certified OpenID for federation services
 
|-
 
|-
|Radiant Logic|| ||Premise ||also federated ID
+
|Privo|| || ||IDEF registered
 +
|-
 +
|Radiant Logic|| ||Premise ||also federated ID & CRM
 +
|-
 +
|[https://www.raidiam.com/ Raidiam]||UK|| ||
 +
|-
 +
|[https://safenet.gemalto.com/ Safenet] || France|| MFA, cloud || Part of Gemalto and now Thales, in lots of security markets, including smart cards, absorbed Rainbow and Aladdin ID tokens
 
|-
 
|-
 
|SailPoint || || ||  
 
|SailPoint || || ||  
 +
|-
 +
|Salesforce || || ||Certified OpenID, perhaps only for federation
 
|-
 
|-
 
|Savint || || ||  
 
|Savint || || ||  
 
|-
 
|-
 +
|[https://specopssoft.com/resources/ Spec-Ops] || || || Password management
 +
|-
 
|spring.io|| ||cloud ||java same? https://www.baeldung.com/spring-security-authentication-provider
 
|spring.io|| ||cloud ||java same? https://www.baeldung.com/spring-security-authentication-provider
 +
|-
 +
|[https://vip.symantec.com/ Symantec VIP]|| ||various||IDEF registered - used by Fidelity, Ebay, PayPal and others
 +
|-
 +
|Tozny, LLC|| || ||IDEF registered
 
|-
 
|-
 
|Trunomi|| || || KI demo
 
|Trunomi|| || || KI demo
Line 71: Line 112:
 
|Twitter|| ||OpenID||
 
|Twitter|| ||OpenID||
 
|-
 
|-
|UbiSecure || || || KI demo
+
|[https://www.ubisecure.com/ UbiSecure] ||Europe || oauth or SAML|| KI demo - authorization
 
|-
 
|-
|Verizon || || ||  
+
|VASCO DataSecurity|| || ||IDEF registered as MYDIGIPASS
 
|-
 
|-
|Yahoo Verizon || || OpenID ||
+
|[https://veres.io/contact/ Veres] || || Verif Claims || From [https://digitalbazaar.com Digital Bazaar] Creates, resolves, validates [https://www.w3.org/TR/verifiable-claims-data-model/ verifiable claims]
 +
|-
 +
|Verizon || ||VZConnect || Certified OpenID, perhaps only for federation
 +
|-
 +
|Yahoo Verizon || || OpenID || Provider based on email account
 
|}
 
|}
  
 
==Non-profits==
 
==Non-profits==
 +
Note that some of these organizations are just associations of large [[Enterprise]]s.
  
 
{|border="1" padding="2" width="799px"
 
{|border="1" padding="2" width="799px"
| Name || Type || Cat||  Notes  
+
| Name || Type || Category||  Notes  
 
|-
 
|-
|AAMVA ||Attribute ||driver's license || just answers yes/no questions
+
|[https://www.aamva.org/ AAMVA] ||Attribute ||driver's license || just verifies information at state Identity providers
 
|-
 
|-
|Distributed ID || || ||  
+
| [https://www.betteridentity.org/ Better ID Coalition] || || || Large US financial companies issued a [https://static1.squarespace.com/static/5a7b7a8490bade8a77c07789/t/5b4fe83b1ae6cfa99e58a05d/1531963453495/Better_Identity_Coalition+Blueprint+-+July+2018.pdf Report]
 
|-
 
|-
|FIDO|| || UAF U2F|| Fast ID Online
+
|[https://centerforcybersecuritypolicy.org/initiatives/ Center for Cybersecurity Policy] || || ||
 
|-
 
|-
|Kantata || || UMA|| also Consent Receipt
+
|Distributed ID  || || || One hundred point of identity
 
|-
 
|-
|OAuth|| AutoZ|| ||Release under IETF
+
|[https://fidoalliance.org/ FIDO Alliance]|| || [https://fidoalliance.org/download/ UAF U2F]|| Fast ID Online 1.2 specs dtd 2017
 
|-
 
|-
|OpenID ||AuthN+AuthZ ||OpenID Connect || OpenID Foundation
+
|[https://kantarainitiative.org/ Kantata Initiative] ||Federations || UMA|| also Consent Receipt and IDEF
 
|-
 
|-
|SAML||AuthN ||SAML2||OASIS-open.org
+
|OAuth|| AuthZ|| ||Release under IETF
 +
|-
 +
|[https://openid.net OpenID Foundation] ||AuthN+AuthZ ||OpenID Connect || OpenID Foundation
 +
|-
 +
|[[SAML 2.0]]||AuthN ||SAML2||OASIS-open.org original single sign on standard
 +
|-
 +
|[http://www.tscp.org/about-tscp/ TSCP]|| || ||Transglobal Secure Collaboration Participation is a collaborative forum of worldwide stakeholders in the defense industry to address security issues
 +
|-
 +
|W3C Credential Community Group ||Decentralized||eg Public Ledger || [https://w3c-ccg.github.io/did-spec/ DID], [https://www.w3.org/TR/verifiable-claims-data-model/ verifiable claims] sponsored by blockchain providers
 
|-
 
|-
 
|Web AuthN ||IAP or RP ||aka FID02 ||released under W3C
 
|Web AuthN ||IAP or RP ||aka FID02 ||released under W3C
 +
|-
 +
|Univ. of MD|| ||Closed ||IDEF registered, supports Internet2 SAML federation
 
|}
 
|}
  
 
==References==
 
==References==
 
*Selection criteria for an AuthN provider: https://medium.freecodecamp.org/evaluating-authentication-as-a-service-providers-6903895a8450
 
*Selection criteria for an AuthN provider: https://medium.freecodecamp.org/evaluating-authentication-as-a-service-providers-6903895a8450
 +
 +
[[Category:Profile]]
 +
[[Category:Authentication]]

Revision as of 10:57, 7 May 2019

Full Title or Meme

A list of the enterprises and standards providers of Identifier Authentication.

Context

On the Identity Management page different roles are defined for Entities.

Providers

The following table is the known authentication providers and some of their characteristics. Updates and corroboration are encouraged.

  • Category is "User" where user has complete control, "OpenID" for providers that require user permission to release information. The rest are closed in the sense that users have limited control over the release of their information. Some provide OpenID as an option when an alternate is shown.
  • Some sites are not authenticators, like CA (certificate authorities) or OAuth (authorization).
  • Many more sites exist, some are listed on the OpenID certification page. Auth0 may offload all their AuthN to Google.
Company Location Cat Recent News
AT&T Cloud First Responders
Airside Canada Cloud mobile passport for entering US from Canada
Alert Enterprise
Auth0 Bellevue, WA Google Certified OpenID Auth0 raises $55M to fuel the identity management company’s international expansion 2018-05-15
Authen2cate IDEF registered
Amazon Seattle Closed Mostly for ecommerce sites
CA Technologies Closed and OpenID SiteMinder (SSO and API gateway is Certified OpenID) part of Broadcom
Consentua KI demo
Dell (RSA) SecurID Patented original time-based One-Time Password Authenticator, only they could provide Authentication server or code while on patent
Digicert Utah CA IDEF registered
DigiMe KI Consent Receipt demo
ENTRUST used by First tech CU and others
Facebook OpenID
Forge Rock OpenID Certified OpenID
Google OpenID Certified OpenID FIDO WebAuthN https://myaccount.google.com/
Global ID SF DIDs VC funded
Gluu Certified OpenID
IBM Premise IBM Cognos Series 7
Identity Server 4 DE OpenID or OAuth Certified OpenID also available as OSS
ID.me Affinity IDEF registered
IDEMAI.COM merger of Oberthur Technologies (OT) and Safran Identity & Security (Morpho) Augmented Identity is about using the biometric characteristics of each person as a unique signature of individual identity
iWelcome Europe focus on User Consent and Privacy
Janrain Certified OpenID but only for RP = purchased by Akamai 2019-01
Mastercard Digital Identity: The System Restore of Trust
Microfocus(NetIQ)
Microsoft AD Cloud and Premise Certified OpenID Also ADFS federation service
Microsoft Passport MSFT or Office Closed or OpenID Started with Hotmail now covers most MSFT products - Confusing naming in part because of two separate authorities created with release of Office360
MojeID CZ OpenID Certified OpenID Will accept clients from anywhere in world
MorphoTrust eID IDEF registered - now part of IDEMIA
Okta Okta shares rise as sales top estimates in first report since IPO 2017-07-07
Omada
One Identity
One Logon SV Premise Cloud https://www.onelogin.com/status
Open Consent NY + UK Sal + Mark KI demo
Oracle Premise Cloud Certified OpenID for federation services
Ping Identity SV Premise OpenID Certified OpenID for federation services
Privo IDEF registered
Radiant Logic Premise also federated ID & CRM
Raidiam UK
Safenet France MFA, cloud Part of Gemalto and now Thales, in lots of security markets, including smart cards, absorbed Rainbow and Aladdin ID tokens
SailPoint
Salesforce Certified OpenID, perhaps only for federation
Savint
Spec-Ops Password management
spring.io cloud java same? https://www.baeldung.com/spring-security-authentication-provider
Symantec VIP various IDEF registered - used by Fidelity, Ebay, PayPal and others
Tozny, LLC IDEF registered
Trunomi KI demo
Twitter OpenID
UbiSecure Europe oauth or SAML KI demo - authorization
VASCO DataSecurity IDEF registered as MYDIGIPASS
Veres Verif Claims From Digital Bazaar Creates, resolves, validates verifiable claims
Verizon VZConnect Certified OpenID, perhaps only for federation
Yahoo Verizon OpenID Provider based on email account

Non-profits

Note that some of these organizations are just associations of large Enterprises.

Name Type Category Notes
AAMVA Attribute driver's license just verifies information at state Identity providers
Better ID Coalition Large US financial companies issued a Report
Center for Cybersecurity Policy
Distributed ID One hundred point of identity
FIDO Alliance UAF U2F Fast ID Online 1.2 specs dtd 2017
Kantata Initiative Federations UMA also Consent Receipt and IDEF
OAuth AuthZ Release under IETF
OpenID Foundation AuthN+AuthZ OpenID Connect OpenID Foundation
SAML 2.0 AuthN SAML2 OASIS-open.org original single sign on standard
TSCP Transglobal Secure Collaboration Participation is a collaborative forum of worldwide stakeholders in the defense industry to address security issues
W3C Credential Community Group Decentralized eg Public Ledger DID, verifiable claims sponsored by blockchain providers
Web AuthN IAP or RP aka FID02 released under W3C
Univ. of MD Closed IDEF registered, supports Internet2 SAML federation

References

Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=Authentication_Providers&oldid=5586"