Difference between revisions of "Multi-factor Authentication"
From MgmtWiki
(→References) |
(→Full Name and Scope) |
||
| Line 5: | Line 5: | ||
# [http://www.w3.org/TR/credential-management-1/#algorithm-request W3C Credential Management Level 1] describes an imperative API enabling a website to request a user’s credentials from a user agent, and to help the user agent correctly store user credentials for future use. | # [http://www.w3.org/TR/credential-management-1/#algorithm-request W3C Credential Management Level 1] describes an imperative API enabling a website to request a user’s credentials from a user agent, and to help the user agent correctly store user credentials for future use. | ||
# U2F | # U2F | ||
| − | # [http://www.w3.org/TR/2018/CR-webauthn-20180320/#api Web Authentication: An API for accessing Public Key Credentials Level 1] defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. | + | # [http://www.w3.org/TR/2018/CR-webauthn-20180320/#api Web Authentication: An [[API]] for accessing Public Key Credentials Level 1] defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. |
# [https://github.com/martinpaljak/x509-webauth/wiki/WebAuth WebAuth] an effort is to define a simple challenge-response authentication mechanism for PKI (X509) roll-outs, with a standardized token format for transporting the claim and a standard API for website developers to request for that authentication token, to overcome a set of issues present with client certificate authentication in the web context. | # [https://github.com/martinpaljak/x509-webauth/wiki/WebAuth WebAuth] an effort is to define a simple challenge-response authentication mechanism for PKI (X509) roll-outs, with a standardized token format for transporting the claim and a standard API for website developers to request for that authentication token, to overcome a set of issues present with client certificate authentication in the web context. | ||
[[Category:Glossary]] | [[Category:Glossary]] | ||
[[Category:Authentication]] | [[Category:Authentication]] | ||
Revision as of 10:57, 10 July 2018
Full Name and Scope
Originally known as Two-factor Authentication, this concept covers a wide range of technologies designed primarily for strong assurance as to the either the real-world identity, or at least a persistent identity, for purposes of establishing the authorization from an individual to a online resource of some type.
References
- W3C Credential Management Level 1 describes an imperative API enabling a website to request a user’s credentials from a user agent, and to help the user agent correctly store user credentials for future use.
- U2F
- Web Authentication: An API for accessing Public Key Credentials Level 1 defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.
- WebAuth an effort is to define a simple challenge-response authentication mechanism for PKI (X509) roll-outs, with a standardized token format for transporting the claim and a standard API for website developers to request for that authentication token, to overcome a set of issues present with client certificate authentication in the web context.
